BAMC's Trust Center
BAMC is committed to ensuring the confidentiality, integrity, and availability of your data. Here is how we protect information and comply with industry standards and regulations.
Monitoring
Continuously monitored by Secureframe
Subprocessors
ADP
Payroll, HR, and tax services
Freshworks
IT Service Management and Ticketing
HD Supply
Property improvement, custom products, business services
Keeper Security
Password Manager
Microsoft
Cloud computing (Azure), productivity suites (Microsoft 365), operating systems (Windows), and business solutions (Dynamics 365)
Proofpoint
Email security, identity threat defense, data loss prevention, electronic discovery, and email archiving
RealPage
Real estate rental technology platform
Umpqua Bank
Banking
Yardi
Real estate portfolio software
FAQs
How do we protect residents’ personal information (PII and health-related info)?
We protect residents’ sensitive information by using encrypted systems, secure storage, and strict access controls for both digital and physical records. Only authorized personnel are allowed access, and regular audits are conducted to ensure compliance.
Are our Wi-Fi networks safe for residents, staff, and visitors?
We separate staff Wi-Fi from public Wi-Fi, using strong encryption like WPA3 and secure passwords. Public Wi-Fi is isolated from our internal business systems to prevent unauthorized access.
How do we handle cybersecurity incidents like ransomware or email phishing?
If a cybersecurity incident occurs, it must be immediately reported to IT or management for swift action. We follow a documented Incident Response Plan to contain the issue and minimize damage.
How should we manage passwords for building systems (security cameras, access controls)?
Passwords must be strong, unique, and changed from any vendor defaults. Where possible, Multi-Factor Authentication (MFA) is required to add an extra layer of protection.
What’s our responsibility if a vendor (like a security camera company) gets hacked?
Vendors are required to sign security agreements that mandate breach notification within 48–72 hours. We also conduct regular vendor risk reviews to ensure their cybersecurity practices meet our standards.
What happens to resident or employee information when someone leaves?
When a resident moves out or an employee leaves, we immediately revoke system access and securely delete or shred sensitive information. No information is left accessible beyond the individual’s relationship with the property.
Are our building automation systems (HVAC, lighting, access control) protected from hacking?
Building systems are secured behind firewalls and access is limited to authorized staff only. Firmware updates and vulnerability patches are applied regularly to keep systems protected.
How often should we train staff on cybersecurity?
Staff receive cybersecurity training at least once a year. Training focuses on phishing, password safety, protecting resident data, and properly reporting suspicious activities.
How do we handle resident complaints about data privacy?
A designated Privacy Officer or manager will log, investigate, and respond to all resident privacy complaints within a set timeframe, usually 30 days. We take all complaints seriously and document the resolution process carefully.
Do we have to follow any specific laws or regulations related to cybersecurity?
Yes, depending on the location, we must comply with state privacy laws like CCPA and potentially HIPAA-adjacent regulations if medical information is handled. We also align our security practices with national standards like CIS Controls IG1 to demonstrate responsible cybersecurity.