Our data centers are hosted with some of the most trusted data center providers in the world, including AWS and IBM Cloud. For the physical security of the data centers and the data they hold, we rely on these providers' physical security and environmental controls. As a SaaS provider, we host the data of all customers on the same infrastructure; processes and procedures enforce logical segregation that limits data access and preserves the privacy and security of each client's data.
It is our core responsibility to keep our customers' data safe and secure. If you have discovered a security vulnerability, we would greatly appreciate your help in disclosing it to us in a responsible manner. Publicly disclosing a vulnerability may put your data, and that of other users, at greater risk. You can send the details to our security team at firstname.lastname@example.org
Security vulnerabilities are treated with the utmost importance to ensure the safety and security of our service. We will work with you to assess and understand the scope of the issue and fully address any concerns.
People, process and business continuity
While we talk about security and ensuring the privacy and security of data, people and processes play an important role alongside technology. We have HR policies and practices in place to ensure the recruitment of the right candidates and background verification of new employees. The security team grants access to security systems, data centers and applications on a need-to-know basis. As part of our Information Security Management System (ISMS), regular audits are conducted to ensure that internal compliance requirements are followed across the organization.
For business continuity, people, process and technology all play key roles in providing uninterrupted service to clients. Our offices are based in different geographic locations in India so that service continues during a natural disaster in any one region. For cloud systems, backups and BCP plans are in place to provide service in case of any interruption at the primary location.
Infrastructure and network security
Access to infrastructure and the network is granted only on a need-to-know basis with minimum privileges. This ensures that only the users who require access to a system are able to access it. Login uses key-based authentication, with additional IP-based restrictions.
To ensure the security of data during transmission, secure communication protocols (TLS 1.2, SSH, SCP) are used. Data at rest is also encrypted using standard AES-256 encryption. Host-based intrusion detection (HIDS) and antivirus are installed to secure the hosting infrastructure and proactively monitor it for changes. Audit controls and logging are used to review access within the controlled environment.
ISO/IEC 27001 is one of the most widely recognized independent international security standards. This certificate is awarded to organizations that comply with ISO's high global standards. Our ISO/IEC 27001:2013 certification applies for Applications, Systems, People, Technology, and Processes.
The General Data Protection Regulation (GDPR) is a new framework that will harmonize data protection rules across the European Union (EU). It goes into effect on May 25, 2018. The GDPR builds on existing data protection law, while also adding new requirements. Under the GDPR, all our clients would act as data controllers and we would act as the data processor. This ensures the privacy and lawful use of users' personal information.
SOC 2 is an evaluation of the design and operating effectiveness of controls that meet the AICPA's Trust Services Principles criteria. Protecting personal information and ensuring safety is core to our services; we are currently SOC 2 Type 1 certified and working towards Type 2 certification.