Brankas is an Open Finance provider. We enable businesses to connect to financial institutions easily. Brankas aggregates APIs from financial institutions to enable payment initiation services, account information services, and other financial use cases via a single API. Businesses can then use Brankas APIs to build their own financial services and products.
This page provides an overview of our security program to enable the scoping of diverse third-party risk assessments.
You need to make a request to open access to private documents or other documents not listed here; and make sure that third parties have approved our NDA before granting access to Brankas private documents.
Product and Application Security
We identify security, contractual, and regulatory requirements for customer access contractually prior to granting customers access to data, assets, and information systems.
Data at-rest is protected using using AES-256. All access potentially touching these requires authentication.
Identity and Access Management
We implement access control based on the principles of “least-privilege” and “need-to-know”. There is a separation of duties for granting access and approving access to systems and data.
Change Control & Configuration Management
We have controls in place to restrict and monitor the installation/ changes onto our systems. Same with secure SDLC principle, we mandatory to validate the changes and requires a proper testing, prior to release it to the production.
System and network environments protected by firewall to ensure business and customer security requirements
Data Center Security
We utilize Google Cloud Platform (GCP) to host our services and data. GCP demonstrates satisfies requirements for a comprehensive set of industry-leading security, third-party audits and certifications. GCP has a suite of compliance certificates for their data centers, include ISO 27001 - 27017 - 27018 - 27701 - 9001, SOC 1-2-3, PCI DSS, and CSA STAR SOC2+ certified.
We have documented information security policies, as well as risk management policy and procedure. We made it available to all impacted personnel and business partners, authorized by accountable business role/function and supported by the information security management program as per ISO 27001 standard.
If you can’t find what you need or need further assistance, contact us.