- ISO 27001 and ISO 9001 certified.
- Information Security Officer, who is formally accountable for information security.
- Outsource accounting security audit performed by an independent agency.
- Periodic penetration tests on all systems are performed by a third party.
- The security of vendors and subcontractors is assessed.
- An incident response procedure is in place.
General Security Governance
Robust Security Framework
- 24/7 CCTV Surveillance, Accessible to the CEO and COO.
- 24/7 Security Guards Availability.
- Proper Screening of Visitors/Employees.
- USB Drives and CDs Banned on the Work Floor.
- Physical Login and Biometrics Attendance Systems.
- Notification System for Physical Security Breaches.
- 100% Power Backup and Proper Monitoring Systems.
- Building-Wide HVAC System.
- Full-fledged Fire Control Systems.
Network
- Configuration Guidelines for Network Equipment in place.
- Firewalls are in place.
- A Firewall Analyzer is in place.
- A secured line (128-bit SSL) is used to access and transmit data (images) from servers.
- Segmented LAN with firewall protection.
- All ports, except those of the DNS and SMTP servers, are disabled from the external world.
System
(I) Server
- Latest Windows operating system, consistently maintained with regular updates and security patches.
- Antivirus in place.
- Login Records maintained.
- Real-time backup of all data is done regularly, either in the client’s server farms or our data servers, depending on the client’s choice.
(II) Computers/Laptops
- The Windows operating system is always up-to-date with the latest updates and security patches.
- Antivirus in place.
- Client Login Records are maintained.
- Source document access is restricted to authorized employees.
- No fax and printing capabilities at the processing site.
- PCs used for processing lack both CD-ROM drives and web access.
- Paperless Work-floor.
Resource Security
- Background checks of employees before joining.
- Regular staff training on the current security system and best practices.