Security Policy | Betopia Group

Certifications: ISO 22301:2019 (QRO) · ISO 9001:2015 (QRO) · ISO 27001 Aligned

1. Policy Statement

Betopia Group is committed to protecting the confidentiality, integrity, and availability (CIA) of all information assets entrusted to us by clients, partners, employees, and stakeholders. Information security is a strategic priority embedded across all 22+ Strategic Business Units (SBUs) of Betopia Group.

3. Information Security Objectives

Confidentiality

Information is accessible only to authorised individuals

RBAC, MFA, Encryption

Integrity

Safeguard accuracy and completeness of information

Audit logs, Code reviews

Availability

Authorised users can access information when required

Redundancy, BCP, SLA

4. Data Classification

Classification	Definition	Handling
Public	Approved for public release	No restrictions
Confidential	Sensitive business information	Encrypted; restricted access
Restricted	Highest sensitivity (PII, source code)	MFA required; audit logs mandatory

5. Access Control and Identity Management

5.1 Principles

Least Privilege — minimum access rights required
Need-to-Know — documented business need required
Zero Trust — continuous identity verification

5.2 Authentication

MFA mandatory for all administrative access
Password minimum: 12 characters, complex
Privileged access subject to PAM controls

6. Cryptography and Encryption

Data State	Standard	Application
In transit	TLS 1.2+	HTTPS, APIs, Email
At rest	AES-256	Databases, Cloud, Endpoints

11. Business Continuity and Disaster Recovery

Betopia Group is ISO 22301:2019 certified for Business Continuity Management.

RTO4 Hours

RPO1 Hour

BackupsDaily Full

DR TestsBi-annual

Contact and Reporting

Report suspected vulnerabilities or security incidents to our SOC team:

security@betopialimited.com privacy@betopialimited.com

Daisy Garden, House 14, Block A, Banasree, Dhaka-1219, Bangladesh

Information Security Policy