Data security

Home » Data security

We have restricted access outsiders to the building and only the assigned employees will have access to your files, folders, and documents. All employees undergo a screening process and sign confidentiality agreements. Employees recruited with a proper reference check.

Data confidentiality is maintained through multiple means-physical security, technological initiatives, robust policies, and constant monitoring. Various initiatives under security are listed below.

Data Security

No data movement from the server as data is housed is not allowed under any circumstances without proper approval from the client.
Secure network and application access.
Regular security audits are performed.
All data is backed up on a regular basis in server farms to enable anytime viewing by the clients.

Physical Security

The operations area is secured to ensure that only authorized personnel are allowed access. Visitors are not allowed to enter the secure operations area. All critical servers are stored in access-controlled rooms.

Restricted Access to work areas and desktops.
Screening of visitors/employees by a security guard during entry and exit for data storage media like Floppies, CDs, Camera Mobiles, Digital Cameras, Pen Drives, and any other electronic device which can capture or store data and other external storage devices on the workstation are disabled.

Personnel security

Verification checks are carried out at the time of appointment of the employees. Following controls are in place in this context.
Availability of satisfactory character references, one business, and one personnel.
Confirmation of claimed academic and professional qualifications.
Confidentiality – (Nondisclosure agreement) is signed by the employees of the company as part of their initial terms and conditions of employment.

Network Security & Internal Security

Use of secured line (128 bit SSL) to access and transmit data from servers in the Client’s place.
Segmented LAN with firewall protection.
All ports except DNS and SMTP server are disabled for the external world.
Individual domain accounts for each processor ensure that the access to source documents is restricted to authorized employees only.
The printing job is screened by an Administrator. Printing rights are not allowed to the customer service agents and there is no access to any printer from the operations area.
Access to the operational area is given to a restricted number of trained professionals and only members of the identified processes have access to the same.
PCs used by processors do not have floppy/USB and CD ROM drives.
E-mail access is restricted to the intranet. Incoming and outgoing emails are constantly screened by the Data Security Administrator.
Regular updating of anti-virus software.
Restricted usage of pen, pencil, and papers in the processing area, and Team Leaders make sure that no data leakage from the processing area.

Procedure for Sorting Password and other Confidential Information

Our Chief Executive Officer shall review and approve ownership of Information Resources and their associated responsibilities.

Our Network Administrator:
Monitor access to the resources to maintain security, operational, and privacy requirements. He is responsible to take all reasonable measures to protect Information Resources, which may include blocking, suspending, or revoking access from sources that pose an immediate threat of harm or interfere with normal operations.

PROCEDURES FOR PASSWORDS

All passwords shall be constructed and implemented according to the following criteria:

Servers that are mission-critical and/or maintain confidential information shall have passwords.
Passwords must be treated as confidential information. Passwords shall only be revealed to Senior personnel and by the end-user/system owner.
Passwords shall be routinely changed (no longer than 90-day intervals for systems processing/storing mission-critical and/or confidential data).
Passwords shall never be transmitted as plain text.
If the security of a password is in doubt, the password shall be changed immediately. If the password has been compromised, the event shall also be reported to the appropriate system administrator(s).
Computing devices shall not be left unattended without enabling a password-protected screensaver or logging off the device.
Forgotten passwords shall be replaced, not reissued.

Website blocking

The system administrator decides which websites will be visible to the user and bookmark websites for use and hide passwords.

Virus Scanning

All messages are scanned for viruses.

We are continuously improving the security system and presently implementing additional security and operational features like automatic maintenance of usage logs to track usage, monitor system health, Auto collection of email addresses, and auto-mail backup archive with access controls.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.