(A) General Security Governance
- Certification – ISO 27001 and ISO 9001.
- Have Information Security Officer who is formally chartered with the responsibility for information security.
- Security Program is audited by an independent third party periodically.
- Periodical penetration tests on all systems are performed by third party periodically.
- Securities of vendors and/or sub-contractors are accessed.
- Incident response procedure is in place.
(B) Resource Security
- Background checks of employees before joining.
- Regular staff training on current security system and best practices.
(C) Physical & Environmental
- 24×7 Surveillance CCTV systems are installed & only CEO & COO and any other person authorized by CEO are authorised having access to the CCTV System.
- 24×7 Security Guards at entry & exit gate.
- Screening of visitors/employees by a security guard during entry and exit for data storage media like CD’s, USB drives etc.
USB drives and CDS are banned from work-floor
- Entry & Exit Registers.
- Physical Login Register.
- Biometric Time Attendant Systems.
- System for Physical Security breaches and conditions under which such breaches are notified to clients.
- 100% Power Backup.
- Proper monitoring systems for power supply, HVAC, temperature & other environmental controls in place.
- Full fledged Fire Control Systems in place.
- Configuration Guidelines for Network Equipment’s in place.
- Firewalls in place.
- Firewall Analyzer in place.
- Use of secured line (128 bit SSL) to access and transmit data (images) from servers.
- Segmented LAN with firewall protection.
- All ports except DNS and SMTP servers are disabled from the external world.
- Antivirus in place.
- Login Records maintained.
- Real Time Back-up All data is backed up regularly either in client’s server farms or our data servers depending on client choice.
(b) Computers/ Laptops
- Latest Windows Operating System & keeping them updated through updates and security patches.
- Antivirus in place.
- Client Login Records maintained.
- Access to source documents is restricted to authorized employees only.
- No fax and printing capabilities at the processing site.
- PCs used by processing do not have CD ROM drives.
- PCs used in processing are denied web access.
- Limited usage of paper in the work-floor.