We have restricted access outsiders to the building and only the assigned employees will have access to your files, folders and documents. All employees undergo a screening process and sign confidentiality agreements. Employees recruited with a proper reference check.
Data confidentiality is maintained through multiple means-physical security, technological initiatives, robust policies and constant monitoring. Various initiatives under security are listed below.
- No data movement from server as data is housed is not allowed at any circumstances without proper approval from the client.
- Secure network and application access.
- Regular security audits are performed.
- All data is backed up on a regular basis in server farms to enable anytime viewing by the clients.
The operations area is secured to ensure that only authorized personnel are allowed access. Visitors are not allowed to enter the secure operations area. All critical servers are stored in access-controlled rooms.
- Restricted Access to work area and desktops.
- Screening of visitors/employees by a security guard during entry and exit for data storage media like Floppies, CDs, Camera Mobiles, Digital Cameras, Pen Drives and any other electronic device which can capture or store data and other external storage devices on the workstation are disabled.
- Verification checks are carried out at the time of appointment of the employees. Following controls are in place in this context.
- Availability of satisfactory character references, one business and one personnel.
- Confirmation of claimed academic and professional qualifications.
- Confidentiality - (Non disclosure agreement) is signed by the employees of the company as part of their initial terms and conditions of employment.
Network Security & Internal Security
- Use of secured line (128 bit SSL) to access and transmit data from servers in Client’s place.
- Segmented LAN with firewall protection.
- All ports except DNS and SMTP sever are disabled for the external world.
- Individual domain accounts for each processor ensure that the access to source documents is restricted to authorized employees only.
- Printing job is screened by an Administrator. Printing rights are not allowed to the customer service agents and there is no access to any printer from operations area.
- Access to the operational area is given to restricted number of trained professionals and only members of the identified processes have access to the same.
- PCs used by processors do not have floppy/USB and CD ROM drives.
- E-mail access is restricted to intranet. Incoming and outgoing emails are constantly screened by Data Security Administrator.
- Regular updating of anti-virus software.
- Restricted usage of pen, pencil and papers in the processing area and Team Leaders make sure that no data leakage from processing area.
Procedure for Sorting Password and other Confidential Information
Our Chief Executive Officer shall review and approve ownership of Information Resources and their associated responsibilities.
Our Network Administrator:
Monitor access to the resources to maintain security, operational, and privacy requirements. He is responsible to take all reasonable measures to protect Information Resources, which may include blocking, suspending, or revoking access to from sources that pose an immediate threat of harm or interfere with normal operations.
PROCEDURES FOR PASSWORDS
All passwords shall be constructed and implemented according to the following Criteria:
- Servers that are mission critical and/or maintain confidential information shall have passwords.
- Passwords must be treated as confidential information. Passwords shall only be revealed to Senior personnel and by end user/system owner.
- Passwords shall be routinely changed (no longer than 90 day intervals for systems processing/storing mission critical and/or confidential data).
- Passwords shall never be transmitted as plain text.
- If the security of a password is in doubt, the password shall be changed immediately. If the password has been compromised, the event shall also be reported to the appropriate system administrator(s).
- Computing devices shall not be left unattended without enabling a password-protected screensaver or logging off device.
- Forgotten passwords shall be replaced, not reissued.
The system administrator decides which websites will be visible to the user and bookmark websites for use and hide passwords.
All messages are scanned for viruses.
We are continuously improving the security system and presently implementing additional security and operational feature like automatic maintenance of usage logs to track usage, monitor system health, Auto collection of email addresses and auto mail backup archive with access controls.