To reduce the risk of unauthorized access to data, BioRegistra employs authentication for administrative access to systems with more highly classified data. Where possible and appropriate, BioRegistra uses token IDs for authentication. For example, calls to the backend servers require connection using system generated token that combines numerous metrices like time of request, ID of device, role of user, etc. before calls are honored.
Where passwords are used, they are required to be complex (length, combination, among other requirements).
Audit Trail for activity monitoring
With our audit trail reports, you can track the activity of your agents and Other users on your project. This helps you monitor and track in cases where You need to do any form of auditing on your account. You can also export this Report in multiple formats to be used outside the system. Also, BioRegistra possesses integrated real-time client analytics which probes, stores, and monitors all key activities done on a device.
User and data account privacy
BioRegistra is a cloud service platform, however, we take maximum Caution to ensure your data is only accessible by you or your other users That you have granted the privilege to. You can also assign different roles with different privileges as you desire.
Customer Payment Information
We use Flutterwave’s RavePay for payment processing and do not store any Debit card information or Bank account details. RavePay is a trusted, PCI-DSS Compliant gateway.
API and Integrations
All access to BioRegistra API endpoints require an authentication key that is generated on demand for customers. Integrations can also be disabled at any time if any fraudulent activity is suspected.
Servers and Networking
All servers that run BioRegistra software in production are recent, continuously patched systems. Additional hosted services that we utilize are comprehensively hardened platforms.
Our web servers use the HTTPS security so that requests are protected from man-in-the-middle attacks. We utilize industry standard security such as GlobalSign SSL for 128-bit encryption of your information, same as used by many top organizations and financial institutions.
Internal tier-to-tier requests are signed and authenticated to prevent request forgery, tampering, and replay.
Root Access Detection
Rooting is the process of allowing users of smartphones, tablets and other devices running the Android mobile operating system to attain privileged control (known as root access) over various Android subsystems. When a device is rooted, a user can access root data on the device at will. However, one security feature on BioRegistra is that the application for android devices cannot run on rooted android devices, thereby avoiding manual data access and manipulation.
Secure Data encryption and Transportation
We secure your data in all digital states – when it is at rest, when it is in transit and when it is in use.
Data at Rest – Encryption of captured data (Using AES) to ensure data safety and data integrity.
Data in Use - With controlled access and authentications in place, data in use is protected against suspicious users and potential threats.
Data in Transit – HTTPS connections between the client and the backend is used to ensure efficient security while data is being transported at the Layer 4 (Transport Layer).
Policies and standards
Seamfix maintains a set of policies, standards, procedures and guidelines that provide the BioRegistra workforce with the “rules of the road” for operating BioRegistra's ISMS. Our security documents help ensure that BioRegistra customers can rely on our workers to behave ethically and for our service to operate securely.
Code Reviews and Production Signoffs
All changes to source code destined for production systems are subject to pre-commit code review by a qualified engineering peer that includes security, performance, and potential-for-abuse analysis.
Prior to updating production services, all contributors to the updated software version are required to approve that their changes are working as intended on staging servers.
With data automatically backed up and replicated across multiple redundant nodes and across regions, you are safe from a single point of failure without requiring significant upfront investment in infrastructure.
Periodic Vulnerability and Penetration tests
BioRegistra engages independent entities to conduct regular application-level and infrastructure-level penetration tests. Results of these tests are shared with BioRegistra management. BioRegistra's Security Team reviews and prioritizes the reported findings and tracks them to resolution.