Last updated: May 1, 2026
Security is engineered into every layer of KYC.bd. This page summarizes controls; detailed evidence is available under NDA from support@msg.bd.
Encryption
- TLS 1.2 or higher for all external traffic.
- AES-256-GCM encryption at rest for databases and object storage.
- Per-customer envelope keys with rotation.
Access control
- Role-based access with least-privilege defaults.
- SSO + mandatory MFA for staff with production access.
- Just-in-time access grants with full audit trail.
Application security
- Static and dynamic analysis on every pull request.
- Dependency scanning and quarterly penetration testing.
- Bug-bounty program for coordinated disclosure.
Operational security
- 24/7 monitoring with on-call rotations.
- Centralized logging with tamper-evident storage.
- Documented incident response with 1-hour notification SLO.
Compliance posture
Aligned with ISO/IEC 27001 controls, SOC 2 Trust Services Criteria, the Bangladesh DPA 2023, and EU GDPR. See our GDPR Statement and Bangladesh DPA 2023 page.
Questions about this document? Contact legal@msg.bd. This page is a template for informational purposes and is not legal advice; consult qualified counsel for your jurisdiction.