Q&A

• WHAT SBIR stands for?

  We stands for "SMART BUSINESS INTELLIGENCE REPORTING"

• WHAT All SBIR Services ?

  We provide different services for our client :
  - Domains
  - Web & Cloud Hosting
  - Web Developement
  - Mobile Developement
  - Graphic Design
  - UI & UX Design
  - ERP Developement- - Marketing Digital
  - Digital Marketing
  - SEA & Réferencement
  and more products

• Where is my data stored? Can I choose where my account and data will be located?

  The Data Center where your data is stored in UK.

  
  
  

  At any instant, you can know which Data Center your data resides in by looking at the URL on the browser when you are logged in to SBIR CORPORATION and are using our applications, or by clicking here.

  • 1. If the URL is in the format of *.SBIR.MA, then your data is stored in the UNITED KINGDOM(UK).
  • 2. If the URL is in the format of *.SBIRCORPORATION.COM, then your data is stored in the CANADA.

• Will SBIR CORPORATION employees have access to our data and what data will they have access to?

  Access to your data is restricted to a small number of employees on a need-to-know basis in order to provide you technical support. This access is reviewed periodically.

• Is data stored on SBIR CORPORATION cloud products encrypted ?

  We encrypt customer data both in transit and at rest. Data at rest is encrypted using industry-standard.

• How are passwords for SBIR CORPORATION cloud services stored ?

  The passwords you use to access SBIR CORPORATION services are stored in a non-reversible encryption scheme. We use bcrypt hashing algorithm with per-user-salt, so that even if our login database was stolen, it would be prohibitively expensive to reverse engineer the passwords.

• How is customer data segmentation implemented in SBIR CORPORATION cloud services?

  Our framework distributes and maintains the cloud space for our customers. Data of multiple customers is logically separated from each other and our framework ensures that no customer's service data becomes accessible to another customer.

• How does SBIR CORPORATION protect itself against DDos attacks ?

  We use technologies from well-established and trustworthy service providers, who offer multiple DDoS mitigation capabilities to prevent disruptions caused by such attacks.

• Does SBIR CORPORATION conduct penetration tests and code scans ?

  Yes, we conduct automated and manual penetration testing efforts regularly. We use a combination of certified third party scanning tools and in-house tools for scanning codes.

• I found a vulnerability in one of your products. How do I report it ?

  If you discover a vulnerability in one of our products, you can let us know so that we can fix it as soon as possible. We also have a responsible disclosure policy and bug bounty program. Please find further details at https://sbir.ma/bugbounty/

• Does SBIR CORPORATION have an incident response program ?

  We have a dedicated Incident Response Team which is responsible for incident detection, assessment, forensics, containment, and recovery activities. In cases where we are controllers of data and an incident leads to a data breach, the affected customers will be notified within 72 hours after we become aware of it. In cases where we are processors of data and an incident leads to a data breach, the respective controllers will be informed without undue delay. 

  For general incidents, we will notify users through our blogs, forums, and social media. For incidents specific to an individual user or an organization, we will notify the concerned party through email (using their primary email address). The Complete report will be provided to customers on request within 5 to 7 working days.

• What are SBIR CORPORATION's responsibilities in the event of a security incident ?

  We notify the incidents that apply to you, along with suitable actions that you may need to take. We track and close the incidents with appropriate corrective actions. Whenever applicable, we provide you with necessary evidences regarding incidents that apply to you. Root Cause Analysis will be provided on request.

• As a customer of SBIR CORPORATION, what are the additional security options I have to protect my data?

  Additional security features that can be availed by customers:

  • Multi factor Authentication
  • Configurable password policy
  • IP restrictions
  • Role based Access control
  • Encryption for custom fields
  • Account activity audit

• If a customer discontinues SBIR CORPORATION service, how long is their data retained ?

  We hold the data in your account as long as you choose to use SBIR CORPORATION Services. Once you terminate your SBIR CORPORATION user account, your data will eventually get deleted from active database during the next clean-up that occurs once in 6 months. The data deleted from the active database will be deleted from backups after 3 months.

• What is SBIR CORPORATION's business continuity and disaster recovery plan ?

  We have a business continuity plan for our major operations such as support and infrastructure management. For redundancy, Data in primary Data Center (DC) is replicated in the secondary. In case of failure of the primary DC, secondary DC takes over and the operations are carried on smoothly with minimum or no loss of time.

• What is your data backup policy ?

  We run full back-ups once a week and incremental back-ups everyday. Back-up data in a DC is stored in the same location and encrypted at rest, as the original data. We additionally restore and validate backups every week. A retention time of 3 months is applicable for all backed up data. In case of a request from a specific customer, we will restore their data from the backup and make it available to them.

• What controls you have in place while accessing customer data?

  We employ technical access controls and internal policies to prohibit employees from arbitrarily accessing user data. We adhere to the principles of least privilege and role-based permissions to minimize the risk of data exposure.  Access to production environments is facilitated through a separate network with stricter rules and hardened devices. Access control is maintained by a central directory and authenticated using a combination of strong passwords, two-factor authentication, and passphrase-protected SSH keys.

• What is your availability SLA commitment ?

  Our availability SLA commitment is 99.9% monthly uptime. We have redundancies implemented at various levels starting from the infrastructure to the ISP to achieve this. Data from the primary data center is replicated in the secondary, and a read-only version of SBIR CORPORATION apps is always served from the secondary data center.

• What is your risk assessment process? How often is risk assessment performed?

  We have a risk assessment policy and procedure to identify, analyze and mitigate risks by implementing appropriate controls. We perform risk assessment for every major change that happens in our environment. The overall risks are reviewed and updated once in a year. 

• What is your employee background verification policy?

  Each employee undergoes a process of background verification. We hire reputed external agencies to perform this check on our behalf. We do this to verify their criminal records, previous employment records if any, and educational background. Until this check is performed, the employee is not assigned tasks that may pose risks to users.

• Will you share my data for the purpose of law enforcement?

  We always provide utmost importance to customer’s privacy. When we receive requests from law enforcement authorities, we review such requests to see if the applicable legal process is followed to obtain a valid and binding order. We object to overboard or otherwise inappropriate requests. Unless prohibited by law, we notify customers before disclosing customer data so that the customers can seek protection from disclosure.