Security at Belt Software
Security is a core value that drives our business forward. From establishing policies and procedures to implementing security controls according to the principle of defense-in-depth,
our security program is built upon the following:
- Information security policies and procedures documented and reviewed at least annually.
- Security awareness and training to all employees upon onboarding and periodically through educational modules.
- Belt enforces TLS 1.2 minimum for data in transit and enforces encryption at rest for all instances and database.
- Belt employees are granted access to applications based on their role. Access is revoked automatically upon termination of employment.
- Production database authentication enforced, and access restricted to users with a business need only.
- Access reviews are conducted periodically and required changes are tracked.
Endpoint Security & Third-party Management
- Mobile Device Management in place to centrally manage mobile devices with policies around security, patching, and encryption enforced.
- Vendor management program in place based on a risk-based approach.
Incident Response & Business Continuity
- Incident response plan is approved and communicated to authorized users. It is tested at least annually.
- Business continuity plan is approved and tested at least annually.