PHI Billing

Security Measures

When we talk about the Cyber security at PHI Billing, we should not forget the three golden rules of Cyber security which is nothing but Confidentiality, Integrity, and Availability, all these three are combinedly called the CIA triad.

We at PHI maintain the CIA triad, and for that, we have implemented technical, Operational, and Managerial controls to protect the data/information of FBSPL. These controls ensure that the client’s data at PHI is safe. Let us have a look of these controls.

Technical Controls

To mitigate the cyber security risks and to protect the data/information of PHI, our IT team has put some technical controls to safeguard our data. Below are the controls that we have implemented.

  • Biometric turn style door access. (Only authorized person can go inside the premises).
  • Implementation of UTM Firewall.
  • Endpoint security software.
  • Network level security.
  • Hardening of computer systems.
  • Azure hybrid network and Mobile device management.
  • Network monitoring tools.
  • CCTV implementation and monitoring.

Operational control

Data breaches can come from multiple internal and external sources, including employees who fail to follow security procedures. To reduce these, we have hired professional security guard on the main gate to operate the ID system. These security guards take care of our physical security, and they make sure that only authorized person can come inside the premises.

Apart from that, we run Cyber Security awareness program for our employees with the help of our process excellence team.

Managerial control

PHI’s cyber security has been designed and implemented by the management of PHI in coordination with the IT team, operation team and all other departments. We have created SOPs for all department to run the business smooth and safe.

We do internal risk assessment for our cyber security implementation and policies by using NIST framework. We hold ISO 27001 certification, and we follow all protocols of the regulatory body.

Disaster management

We are prepared to fight against any disaster against any disruption on the functioning of our businesses. Being an IT company, we have devised a plan for disaster management of our computer systems, servers and data or information.

We do schedule preventive maintenance measures for all equipment and devices to ensure system safety from any failure.

This disaster management is based on the risk assessment which we have done for our company.

  • To prevent any power failure, we have installed 120 KVA Modular UPS with Dual Technology(Line and Solar).
  • We have installed 25 KVA D.G set to provide power backup if the electrical supply from the government electricity board fails.
  • We have multiple internet lines coming from different ISPs
  • We have support of our capable and reliable vendors who always ready to provide support 24/7. We have signed agreements with them.
  • We have a cold site at different location from where we can start our operation within 24 hours in case of any calamity.