Security

Infrastructure

ProSystem services run in the cloud on trusted data centres with robust availability and network safeguards. All network traffic is served over TLS 1.2+ with modern ciphers. Data is encrypted at rest using AES-256.

Access control

• Least-privilege access for staff, reviewed quarterly.
• Mandatory SSO with hardware-backed two-factor authentication for all production access.
• Client organisations control their own users, roles and permissions inside ProSystem BMS.

Application security

• All code changes reviewed before merge; CI runs static analysis and dependency checks.
• Quarterly external penetration tests; findings triaged and tracked to closure.
• Responsible-disclosure programme — email security@prosystem.com.bd.

Monitoring & backups

We monitor availability, latency and error rates 24/7 and alert on-call engineers to anomalies. Databases are backed up daily with point-in-time recovery; backups are encrypted and access-controlled.

Incident response

We follow a documented incident-response runbook: detect, contain, communicate, recover, review. Affected clients are notified without undue delay and in any case within the timeframes required by applicable law.

Data deletion

On termination, client data is retained for 30 days for export and then permanently deleted from production systems and backups, per our Terms of Service.

Contact

Questions, audits or vulnerability reports: security@prosystem.com.bd.