BCW Technologies Ltd.
ISO 27001:2022
Self-Compliance Declaration
This declaration is intended to provide assurance to our clients, partners, regulatory bodies, and other stakeholders that BCW Technologies Ltd ("BCW Technologies”) operates in compliance with the requirements of ISO 27001:2022, reflecting its commitment to maintaining the highest standards of information security and data protection.
Scope of Security Practices:
The security framework applies to BCW Technologies, which delivers Web3 infrastructure service provisioning and is the design & development arm for BCW Group. BCW Technologies operates a wide range of Web3 network nodes spanning validators, zk provers, RPCs, bridges, relayers, and oracles to provide on-chain data sources for our external clients, and a wide range of Web3 products and services. This scope includes all information assets, data, processes, infrastructure, and employees involved in delivering these services operating globally.
The scope further includes client data stored, processed, or transmitted as part of BCW Technologies' operations. Critical systems, including Google Cloud Platform, Google Workspace, Gitlab, Github, Jira and other BCW tools fall within this security framework. Our organization relies on cloud service providers that are certified under international standards, such as Google Cloud Platform (GCP), which meets the requirements of ISO 27001:2022 for cloud security. For more details on Google Cloud’s certifications, including ISO 27001, visit Google Cloud ISO Compliance.
Compliance and Control Implementation:
We confirm that BCW Technologies has adopted the necessary controls as per Annex A of the ISO 27001:2022 standard. These controls have been selected and implemented based on a comprehensive risk assessment and documented in the Statement of Applicability (SoA).
Our security framework addresses the following areas of compliance:
- Information Security Policies: A formal set of policies governing the security of information, approved by BCW Group management and communicated across personnel at BCW Technologies.
- Risk Management: A risk management process is in place to identify, assess, and treat information security risks. This includes the regular review and update of the risk treatment plan.
- Access Control: Strict access control mechanisms ensure that only authorized personnel can access sensitive information, particularly client data.
- Cloud Security: Comprehensive cloud security controls are implemented across Google Cloud Platform (GCP), GitHub, and Google Workspace to ensure data protection. These controls include encryption for data at rest and in transit, data residency compliance, regular cloud security audits, multi-factor authentication (MFA), and continuous real-time monitoring of cloud infrastructure for threats and vulnerabilities.
- Third-Party Risk Management: A third-party risk management program is in place to ensure the security of data handled by vendors. This includes risk assessments before engagement, vendor agreements with strict security requirements, ongoing monitoring for compliance, and access controls to limit third-party access based on the least-privilege principle.
- Incident Management: An incident response plan is established, detailing processes for the identification, reporting, management, and resolution of security incidents affecting BCW Technologies’ operations.
- Business Continuity: Measures are in place to ensure continuity of services in the event of disruptions. This includes safeguarding key operations and client data.
- Internal Audits and Continuous Improvement: Regular internal audits are conducted to ensure compliance with ISO 27001:2022, with corrective actions and continual improvement activities implemented where necessary.
Security Awareness and Training:
All personnel involved in BCW Technologies undergo regular information security training to ensure they are aware of security policies, their responsibilities, and the critical importance of safeguarding client information.
Specialized security training in Google Cloud Platform is provided to individuals in key security roles ensuring they possess the necessary technical expertise to manage our cloud platform. Regular simulations and assessments are conducted to test understanding, and the program is continually updated to reflect emerging threats and organizational changes.
Legal, Regulatory, and Contractual Compliance:
We adhere to all relevant legal, regulatory, and contractual requirements applicable to the information that BCW Technologies processes on behalf of clients and partners. This includes compliance with SOC2, ISO 27001 etc, and any contractual obligations defined in client agreements, ensuring that security, privacy, and data protection standards are maintained throughout our service delivery.
Internal Audits, Reviews, and Continuous Improvement:
We conduct yearly Internal audits and management reviews within BCW Technologies to ensure compliance with ISO 27001:2022 requirements. We also follow a continuous improvement approach, ensuring that security policies, procedures, and controls are regularly updated to respond to:
- Evolving security threats
- Client needs
- Changes in regulatory requirements
- Technological advancements
This proactive approach ensures that BCW Technologies stays resilient and adaptive in a dynamic cybersecurity landscape. By systematically reviewing and enhancing security measures, we ensure that risks are effectively mitigated and that our security practices remain at the forefront of industry standards.
Disclaimer:
While BCW Technologies is committed to maintaining compliance with ISO 27001:2022 and implementing best practices to secure information, no security system is completely invulnerable. This declaration does not serve as a guarantee of absolute security, and BCW Technologies makes no warranties beyond those expressed herein.
Compliance Declaration:
We declare that BCW Technologies operates in compliance with ISO 27001:2022 and remains dedicated to continuously enhancing its security practices. For further information or inquiries about this declaration, please contact notices@bcw.group.