Website Security Policy

Website Security Policy

NaBFID recognizes its responsibility to protect its website users from unauthorized disclosure of Personally Identifiable Information (PII), Data breaches and compromises. To uphold this commitment, NaBFID has adopted and implemented a robust website security policy designed to safeguard the confidentiality, integrity, and availability of user data accessed or transmitted via its website.

Notice and Disclosures

NaBFID will neither sell, trade, nor disclose the personally identifiable information of its website users to any unauthorized third parties. Information will only be shared as mandated by law or with explicit user consent.

Data Quality and Access

NaBFID strives to ensure that all data presented on its website is accurate and up to date. In the event inaccurate information is detected, NaBFID will promptly initiate corrective actions to rectify the error. If a systemic issue is identified, NaBFID will work swiftly to resolve the problem to ensure a seamless user experience.

During website usage, NaBFID may collect certain non-personal information such as IP addresses etc. This data helps monitor unauthorized access or misuse of the website. Web traffic and access logs are continuously monitored for suspicious activity and anomalies.

Website Infrastructure and Development Controls

  • The NaBFID website is hosted within protected network zones, reinforced by a Gateway Firewall, Intrusion Prevention System (IPS), and a dedicated Web Application Firewall (WAF) configured to safeguard against unauthorized access and attacks.
  • Bank has established Cybersecurity Response Team to manage security related incidents in accordance with the Bank’s Incident Response Plan. Prior to launch, the website underwent a thorough security audit focusing on known application-level vulnerabilities. All identified vulnerabilities were addressed and remediated before going live.
  • All development activities take place within a separate, secured development environment. Changes and updates are thoroughly tested and validated before being deployed to the production web server to ensure stability and security.
  • Content management on the website is controlled via an authenticated system. Only authorized personnel are permitted to contribute or modify content, and no content is published without proper approval.
  • All system software patches, bug fixes, and security upgrades are promptly applied to the web servers to maintain optimal security posture and protect against emerging threats.

The security posture of Website is review periodically and all the identified bugs/issues are fixed on the prescribed timelines