Transparency & Governance

  • All elements of a bank’s instance that might impact performance, availability or security are periodically tested with results automatically recorded. This includes third-party external penetration and intrusion detection tests to ensure the ongoing inviolability of Zafin’s subscriber infrastructure.
  • Inbound event streams are inspected for unique events as well as patterns that might indicate a security risk. All events and patterns are immediately escalated for forensic examination and audit evaluation.
  • Zafin’s operating environment and deployment models ensure clients have ready access to the information they require to support forensics, insider activity monitoring, data handling, process transparency, audit and governance.

User Monitoring

  • Zafin employees have no access whatsoever to bank systems or data unless similarly authorized on a limited-time basis.

Audit

  • All pertinent data relating to a bank’s SaaS instance, including trouble tickets, access assignments, VPN access and executed commands, are logged, retained and provisioned for forensic and audit purposes.

 

To ensure Zafin’s cloud-based SaaS has durability, consistency, security and traceability equal to or better than existing bank applications, Zafin has implemented the following:

Global reach plus local footprint

Leveraging the global reach of our cloud service providers, we ensure each client’s instance is located as close as possible to the bank’s network, and all bank data remains within the proper jurisdiction.

Shared nothing environment

Zafin provides each client with a dedicated environment. Clients do not share data or any aspect of the application. We use constant replication to geographically separate regions for disaster recovery purposes and integrated automated deployment pipelines with rolling upgrades to ensure no downtime.

Standardized specifications and APIs

Zafin offers a range of standardized integration patterns, including powerful, well-documented REST APIs and batch-based flat files.

Managed environments

Zafin manages its environments to ensure clients have a secure, high-performance stack. Incident management and resolution are supported by a rigorous monitoring program plus automated alerts. Environments are regularly tested to ensure resilience in disaster recovery scenarios.

Incident management

We supplement our standard uptime SLAs with 24x7 dedicated support for critical and security incidents.

SOC 2 Type 2 compliance

To safeguard customer data, Zafin has implemented robust controls based on the SOC 2 trust principles of security and availability. Each year, we are SOC 2 Type 2 certified by an external auditor.

Database backups

Periodically, we perform database backups and maintain rollback capability to protect against data loss and to smooth over any business continuity issues that might arise from data problems.

Environments

Multiple environments are provisioned on demand for testing and integration purposes.

Scalability

All infrastructure is designed for horizontal scalability for immediate response to client demand.