Security comes first for us. We approach every client differently with unique security measures and have organisational controls for each project. Here are a few controls in place
Sensitive Data Classification
We organize all our client data by relevant categories, so they may be used and protected more efficiently. It also makes data easier to locate and retrieve. Data classification is of particular importance when it comes to risk management, compliance, and data security.
Need to Know Basis Principle
Regardless of their security clearance level or other approvals, all our staff only have access to the information required by their job roles. Anyone who wants to gain access to sensitive information or a higher level of access must receive an approval from the Corporate.
Business Continuity Plan
Not that we except to use it; but we have a well documented Disaster Recovery plan to minimize the effects of outages and disruptions on business operations and to enable our company to get back on its feet after issues occur. This would also help reduce the risk of data loss and reputational harm, and improve operations while decreasing the effect of emergencies.
Staff Background Verification
We review each potential candidate’s employment history to confirm their professional background and personal address cross checked. We also run police verification for sensitive projects to figure out if a person has had issues with the law or has a criminal record, inorder to maintain high priority for data safety.
Security Awareness and Training Seminars
Our team routinely receives security awareness education, training, and regular updates in organisational policies and procedures. Our awareness program includes verification of the SOPs, phishing simulations that simulate scam/spam/fraud attempts and regular awareness mailers. Each individual team member has their own risk assessment done and progress monitored.
IT & Password Policy
As part of our security strategy, our IT administrators routinely check for operational updates and use the best available password practises. We also keep ourselves updated with the latest industry regulations. By focusing on low-friction authentication tasks, we are improving security and user experience.
Incident Response Plan
We have an Incident Response Team that responds to each incident in a time bound and continuous manner. When incidents are detected by our IPS/IDS systems, or personally by our staff – each goes through a life cycle, from identifying to closing and taking countermeasures. Everys incident is documented, which helps us take countermeasures for future prevention
Device Management System
With the onset of COVID and remote working, we have a robust Device Management system which enables our IT Department to manage all remote devices we use and offer controlled access to our network .
Surveillance and access control
Our offices are well equipped with CCTV command to be able to monitor the entire perimeter. And we have round the clock physical security guards to monitor the access control system and SOPs checks required to protect all facilities. All sensitive information is processed only in specially equipped security zones. Access to our premises is allowed for the active members of the team only and is restricted for everyone else.
Internal Audit Process
Every year, we conduct an independent internal audit and risk assessment of each department. Our internal audits help to Identify potential security problems and gaps ad establish a security baseline that future audits can be compared with. Our audits also cover compliance with latest regulatory laws.