Security is foundational to a compliance platform. This page summarises our controls.
Infrastructure
- EU data residency — AWS eu-central-1 (Frankfurt).
- Encryption at rest (AES-256) and in transit (TLS 1.3).
- 30-day rolling backups; 10-year cold archive in S3 Glacier per ESPR retention.
Application & access
- Password hashing with a memory-hard scheme (scrypt / Argon2id-class).
- Mandatory two-factor authentication for administrators.
- Role-based access control; least privilege by default.
- Immutable audit trail with SHA-256 hashing of every published DPP version, making tampering detectable.
Assurance
ISO 27001 certification is in progress and SOC 2 Type II is planned. Independent penetration testing is scheduled before public launch.
Responsible disclosure
Found a vulnerability? Email security@dppbangladesh.com. We aim to acknowledge within 48 hours and will credit good-faith researchers.