Loylty Rewardz

Being a custodian of some of the country's leading engagement programs means we are custodians of large-scale data. As a technology company, our robust infrastructure is the foundation of our services. Further, every product we build is integral to our initiatives as solution providers. All this drives us to maintain stringent security measures that not only meet but possibly exceed industry benchmarks.

We invest heavily in security practices that are evaluated and audited internally and externally on a monthly, quarterly and annual basis to align with industry compliance requirements and to maintain and update our certifications.

PCI DSS Certified

ISO 27001:2013 (ISMS) Certified

ISO 27701:2019 (Privacy) Certified

We're trusted because we're champions of security

We believe in building a culture of security because we believe our security decisions impact our identity, competitive advantage, and bottom line. Information and infrastructure security is ingrained in our organization's people, processes and technologies. Our security activities are made known across the organization so people at every level are able to assume ownership and accountability for data security.
Security Measures Overview
Internal & External Vulnerability Assessment

We conduct scans on a quarterly basis to identify and remediate vulnerabilities within the IT infrastructure.

Privilege Identity Management

This is a tool implemented to provide secure access to our production environment using multifactor authentication for privileged users.

SOC Team & Licensed SIEM Tool

A dedicated tool to analyze and monitor the events of our information security systems on a real-time basis.

Source Code Review

We do this for all our applications (including web & mobile) annually or whenever there is a change or a request from the client.

Internal & External Penetration Testing

Conducted annually and when there is a major change in our IT infrastructure including networks and servers. We check for loopholes that might leave us vulnerable to unauthorized access.

Product Security

Building and maintaining a variety of products requires us to ensure secure development, testing and delivery. This includes web and application penetration testing, especially when there are changes in applications. We check for vulnerabilities, including but not limited to the OWASP Top 10 list.

Annual Internal & External Audits

A mandatory annual audit on the organization's information security policies, guidelines, and processes to ensure everything is in line with industry best practices.

PCI DSS & ISO 27001:2013 (ISMS), ISO 27701:2019 (Privacy) Certification, Data Localization

Our certification is kept up to date on an annual basis.

A glimpse at the pillars of our IT infrastructure
Data Centers

Our IT infrastructure is hosted with CtrlS Data Centers Ltd. We have both primary and secondary data centers, which are Tier-4 certified, ensuring a high level of protection from natural disasters and power shortages. Furthermore, they are also ISO 27001 and PCI DSS compliant. Located in different geographies and seismic zones, all our data centers reside within Indian boundaries.

Network

Our data center networks are maintained at 10GBps bandwidth and all network devices are maintained in redundancy, ensuring high availability. With a 3-tier network architecture, we are able to ensure that our web portals, service layer and database servers are hosted in separate networks as per PCI guidelines. Connectivity is provided by approved and reviewed ACLs only, and for internet-facing web portals we have a separate DMZ network zone.

Security

We have separate firewalls for each network layer in redundancy, assuring additional security and high availability. For additional protection of web portals, web application firewalls have been deployed. We use an Arbor device, which provides DDoS-protected bandwidth, and McAfee EPO (Antivirus, Encryption & DLP) for end-point protection. For external and internal connectivity, we ensure the use of only secure methods (HTTPS/SSH). User authentication is based on Active Directory with strict enforcement of 2-factor authentication on all servers.

Servers & Storage

We are 100% virtualized, with virtualization clusters providing high-level redundancy. Our virtual machines are hosted on a VMware platform and we use SSD-based storage to handle heavy transaction volumes.

Availability & Monitoring

Over the last few years, we have successfully maintained a minimum uptime of 99.982%. We can perform a DC-DR switchover with an RTO and RPO of between 30 and 45 minutes. We also perform bi-annual DR drills to verify this and have a dedicated NOC team for 24x7 monitoring.

Support & Response

Our teams are capable of handling multiple flavours of operating systems and equipment. We can perform emergency vulnerability/threat closure within 2-3 hours of fixes/patches becoming available, and we perform VA/PT closure every month.