Security at BancoOS

Customer data is encrypted in transit using TLS 1.2 or higher and encrypted at rest using industry-standard symmetric encryption. Encryption keys are managed by the underlying cloud provider's key management service and rotated on a regular schedule.

• Role-based access control for every workspace, with least-privilege defaults.
• Single sign-on through SAML and OIDC on enterprise plans.
• Multi-factor authentication available for all users.
• Session controls including timeout, device review and revocation.

Every action on an invoice, approval, payment or master-data change is appended to a tamper-evident audit chain. Each entry is cryptographically signed and timestamped so auditors can replay the lifecycle of any document end to end.

BancoOS runs on hardened cloud infrastructure with isolated tenant data stores. Enterprise customers can request dedicated tenancy and Vietnam data-residency arrangements during onboarding — contact us for specifics relevant to your contract.

BancoOS is built to enterprise-finance standards and aligned with SOC 2 Type II controls, ISO 27001 practices and Vietnam's Personal Data Protection law (PDPA). Current attestation reports and DPA templates are available to qualified prospects and customers on request.

If you believe you have found a security vulnerability in BancoOS, please email security@bancoos.vn with a description and reproduction steps. We acknowledge reports within one business day and will keep you informed through remediation.

BancoOS is responsible for the security of the platform — infrastructure, code, encryption, monitoring and incident response. Customers are responsible for configuring their workspace correctly — user provisioning, role assignment, approval policies, integration credentials and the data they choose to upload.