Data Security

 

(A) General Security Governance

  • Certification – ISO 27001 and ISO 9001.
  • An Information Security Officer is formally chartered with the responsibility for information security.
  • The security program is audited periodically by an independent third party.
  • Penetration tests on all systems are performed periodically by a third party.
  • The security of vendors and/or sub-contractors is assessed.
  • An incident response procedure is in place.

(B) Resource Security

  • Background checks of employees before joining.
  • Regular staff training on current security system and best practices.

(C) Physical & Environmental

  • 24×7 surveillance CCTV systems are installed; only the CEO, the COO and any other person authorized by the CEO have access to the CCTV system.
  • 24×7 Security Guards at entry & exit gate.
  • Screening of visitors/employees by a security guard during entry and exit for data storage media like CDs, USB drives etc.
  • USB drives and CDs are banned from the work-floor.
  • Entry & Exit Registers.
  • Physical Login Register.
  • Biometric Time Attendance Systems.
  • System for Physical Security breaches and conditions under which such breaches are notified to clients.
  • 100% Power Backup.
  • Proper monitoring systems for power supply, HVAC, temperature & other environmental controls in place.
  • Full-fledged fire control systems in place.

(D) Network

  • Configuration guidelines for network equipment in place.
  • Firewalls in place.
  • Firewall Analyzer in place.
  • Use of a secured line (128-bit SSL) to access and transmit data (images) from servers.
  • Segmented LAN with firewall protection.
  • All ports except those for the DNS and SMTP servers are closed to the external world.

(E) System

(a) Server

  • Antivirus in place.
  • Login Records maintained.
  • Real-time backup: all data is backed up regularly, either in the client’s server farms or on our data servers, depending on the client’s choice.

(b) Computers/Laptops

  • Latest Windows operating system, kept up to date through updates and security patches.
  • Antivirus in place.
  • Client Login Records maintained.
  • Access to source documents is restricted to authorized employees only.
  • No fax and printing capabilities at the processing site.
  • PCs used in processing do not have CD-ROM drives.
  • PCs used in processing are denied web access.
  • Limited usage of paper on the work-floor.