Bevatel Logo

Bevatel Security and Protection

We’d love to hear from you

Our friendly team is always here to chat.

Bevatel Security and Protection

At Bevatel, we take data security and privacy seriously—for both our company and our clients. Our dedicated team of experts oversees all security policies, confidentiality standards, and protective technologies that safeguard Bevatel’s systems and solutions.

Human Resources Security

Background Checks & Non-Disclosure Agreements

Every Bevatel employee undergoes comprehensive background checks, in accordance with local laws and hiring standards. All team members sign non-disclosure agreements (NDAs) before being granted access to company systems or customer data.

Awareness & Training

  • Bevatel regularly trains new and existing employees on information security and data protection. We believe awareness and education are essential to any effective security program—no technical control can replace well-informed staff.
  • Every new hire receives training on data protection, safe system use, and how to recognize internal threats, social engineering, and cyber risks. Ongoing training sessions and internal updates are conducted at least every two months to keep the team informed of new policies and practices.

Access Control and Authorization Management

Bevatel follows a set of advanced technologies and procedures to grant or revoke access permissions to its systems and applications. Access to Bevatel’s systems is based on two core principles: least possible privilege and need-to-know, ensuring that every individual’s access aligns precisely with their defined role and responsibilities.

  • Each client is provided with a unique identification code to securely access Bevatel’s systems and applications.
  • Bevatel enforces a company-wide password policy that adheres to global security standards, requiring password changes every 90 days.
  • According to Bevatel’s password policy, passwords must be at least 10 characters long, contain no spaces, and include special characters, uppercase and lowercase letters, and numbers to ensure complexity.
  • Bevatel also implements multi-factor authentication (MFA) using physical security keys and single sign-on (SSO) solutions for additional protection.
  • Access rights and authorizations are reviewed regularly (at least once every three months) to ensure they remain consistent with each employee’s job role and level of responsibility.

Termination Process

Bevatel follows a documented offboarding procedure that clearly defines the responsibilities for collecting information assets and revoking employee access rights and permissions to Bevatel’s systems and applications once they leave the company.

Bevatel Systems Infrastructure

System and Network Security

Amazon Web Services (AWS) serves as our cloud infrastructure provider. AWS maintains a fully audited security program, including certifications such as ISO 27000, PCI, and SOC2. Bevatel has implemented several security controls, including:

  • Closed-circuit television (CCTV) cameras
  • Backup power supplies
  • Temperature and humidity control
  • Fire and smoke detection alarms
  • Leak detection systems
  • On-site security personnel

Note: Bevatel does not host any customer systems or products within its own offices.

Network Security

Bevatel is committed to implementing the highest possible standards of security and protection for its system networks, applications, and customer data, taking into account several key considerations.

  • Bevatel separates its systems into distinct networks to maximize security and protect customer data while isolating public services from internal operations. Customer data is only shared within the secured system network.
  • Bevatel employs a range of security technologies, including firewalls, intrusion detection and prevention systems (IDS/IPS), and web application firewalls, ensuring that customer data is protected with precision.
  • Configuration management is maintained as a reference for network and firewall security rules, and Bevatel provides alerts for any conflicts between configuration settings and system policies.

Disaster Recovery and Business Continuity

Bevatel takes multiple measures to ensure business continuity and to manage disasters or issues that could negatively impact services:

  • Bevatel updates its disaster recovery and issue management plan at least once a year.
  • Bevatel’s systems and services rely on Amazon Web Services (AWS) across geographically diverse regions to maintain service continuity, even if one or more sites experience an outage.
  • Bevatel aims to isolate and resolve any issues affecting its clients as quickly as possible and with full transparency. In the event of technical problems, Bevatel maintains a status page to keep clients informed.

Backup and Recovery

  • Daily backups are performed and hosted on Bevatel’s data center infrastructure within AWS.
  • Backups are encrypted using AES-256 encryption, and backup restoration tests are conducted at least once a year.

Encryption

  • Bevatel ensures that all customer data is encrypted both in transit and at rest using industry-standard protocols: TLS 1.2 for data in transit and AES-256 for data at rest.
  • Bevatel’s engineering team uses AWS Key Management Service (KMS) to manage encryption keys, which are centrally controlled by Bevatel’s security team.

Server Location

Bevatel applies all security and protection standards to safeguard its own data as well as its clients’ data, including the servers it relies on. Bevatel’s servers are located in Riyadh, Saudi Arabia, within the data centers of Etihad Jawad Atheeb and Zain Telecom.

Call Retention

Bevatel retains all incoming and outgoing calls of its clients for 30 days from the date of the call. Subscribers to Bevatel’s Cloud Call Center service can request retention of calls for a specific period, and Bevatel will store the calls for the requested duration based on the client’s request and an agreed-upon fee.

Monitoring

Bevatel uses tools to review and monitor logs to identify any errors or violations. If issues are found, Bevatel’s team reviews, verifies, and applies the necessary corrections.

Multi-User Cloud

  • Bevatel’s cloud call center system supports multiple users, with logical separation between customer data.
  • Bevatel’s systems ensure that a user is authorized to perform a specific request or access certain data by verifying that the user’s company matches the company of the requested data.

Application Security

Bevatel provides multiple measures and procedures to ensure the security of its applications, including vulnerability management, penetration testing, and change management.

Vulnerability and Patch Management

  • Bevatel has established several processes to perform regular vulnerability scans on its systems and applications.
  • The results are recorded in Bevatel’s ticketing system, assessed based on risk and priority, and added to the backlog for resolution.
  • All issues, patches, and modifications classified as high-risk are resolved within a maximum of 30 days.

Penetration Testing

  • Bevatel conducts penetration tests twice a year through third parties to perform application-level testing.
  • Security threats, vulnerabilities, and weaknesses that are discovered are prioritized and addressed immediately.
  • Penetration test reports conducted by Bevatel are available upon request and are signed under a confidentiality and non-disclosure agreement.

Change Management

  • Bevatel has a formal change management process to handle changes that may occur in the operating environment of Bevatel’s systems and applications, including changes to software, applications, and Bevatel’s core systems.
  • All changes to Bevatel’s systems and applications are subject to the code review guidelines that Bevatel has established for different systems. These reviews are conducted by specialists for the purposes of security analysis, performance assessment, and misuse prevention.
  • Bevatel employs specialists and technical experts to detect errors, identify changes, and address security flaws and vulnerabilities in the systems, applications, and services it provides to its clients.

Incident Response

Bevatel has established multiple procedures for receiving reports of incidents and security issues by the Security and Protection team, which include:

  • Logging the issue/incident
  • Classification
  • Investigation
  • Containment
  • Lessons learned

When responding to any incident or issue affecting Bevatel’s systems or applications, the Security and Protection team performs the following:

  • Collects information and identifies the security issue
  • Communicates with affected customers via email or phone
  • Provides periodic updates as needed to ensure the issue or incident is resolved appropriately for the customers

User Management

  • Bevatel follows various technical methods to ensure appropriate security controls are in place to protect the security of its systems and applications for users.
  • Bevatel conducts a periodic review of each user once a year.
  • Bevatel adheres to all security and business continuity standards, including access types, classification of data accessible to users, and the technical and legal controls necessary to protect data.
  • Bevatel enters into written and documented agreements with all its service providers. These agreements include commitments to confidentiality, security, and privacy policies that ensure the highest levels of protection and security for customer data used and processed through Bevatel’s systems and applications.

End-User Security

Bevatel takes all necessary measures and policies to ensure the protection and security of its systems and applications from end-users.

  • All computers at Bevatel are fully managed and centrally encrypted.
  • End-users cannot disable or stop antivirus or intrusion detection programs, nor can they control any security and protection measures or technologies.
  • Bevatel’s technical team regularly pushes updates to users to ensure that all devices are running the latest versions of Bevatel’s systems and applications.

Privacy and Data Retention

Bevatel implements strict and precise policies and procedures to maintain the security and confidentiality of its customers’ data. To review the information privacy and confidentiality policies, see this link: Privacy Policy

Security, Privacy, and Compliance

Bevatel’s systems and applications are designed to be compatible with the most flexible and secure cloud communication environments, relying on AWS, to ensure security, confidentiality, and protection of customer data.