Being a custodian of some of the country's leading engagement programs means we are custodians of large-scale data. As a technology company, our robust infrastructure is the foundation of our services. Further, every product we build is integral to our initiatives as solution providers. All this drives us to maintain stringent security measures that not only meet but possibly exceed industry benchmarks.
We invest heavily in security practices that are evaluated and audited internally and externally on a monthly, quarterly and annual basis to align with industry compliance requirements and to maintain and update our certifications.
PCI DSS
ISO 27001:2013 (ISMS) Certified
ISO 27701:2019 (Privacy) Certified
We conduct scans on a quarterly basis to identify and remediate vulnerabilities within the IT infrastructure.
This is a tool implemented to provide secure access to our production environment using multifactor authentication for privileged users.
A dedicated tool to analyze and monitor the events of our information security systems on a real-time basis.
We do this for all our applications (including web & mobile) annually or whenever there is a change or a request from the client.
Conducted annually and when there is a major change in our IT infrastructure including networks and servers. We check for loopholes that might leave us vulnerable to unauthorized access.
Building and maintaining a variety of products requires us to ensure secure development, testing and delivery. This includes web and application penetration testing, especially when there are changes in applications. We keep a check on vulnerabilities, not limited to the OWASP Top 10 list.
A mandatory annual audit on the organization's information security policies, guidelines, and processes to ensure everything is in line with industry best practices.
Our certification is kept up to date on an annual basis.
Our IT infrastructure is hosted with CtrlS Data Centers Ltd. We have both primary and secondary data centers, which are Tier-4 certified, ensuring a high level of protection from natural disasters and power shortages. Furthermore, they are also ISO 27001 and PCI DSS compliant. Located in different geographies and seismic zones, all our data centers reside within Indian boundaries.
Our data center networks are maintained at 10GBps bandwidth and all network devices are maintained in redundancy, ensuring high availability. With a 3-tier network architecture, we are able to ensure that our web portals, service layer and database servers are hosted in separate networks as per PCI guidelines. Connectivity is provided by approved and reviewed ACLs only, and for web portals with internet access we have a separate DMZ network zone.
We have separate firewalls for each network layer in redundancy, assuring additional security and high availability. For additional protection of web portals, web application firewalls have been deployed. We use an Arbor device, which provides DDoS-protected bandwidth, and McAfee ePO (Antivirus, Encryption & DLP) for end-point protection. For external and internal connectivity, we ensure the use of only secure methods (HTTPS/SSH). User authentication is based on Active Directory with strict enforcement of 2-factor authentication on all servers.
We are 100% virtualized, with virtualization clusters providing high-level redundancy. Our virtual machines are hosted on a VMware platform and we use SSD-based storage to handle heavy transaction volumes.
Over the last few years, we have successfully maintained a minimum uptime of 99.982%. We can perform a DC-DR switchover with RTO and RPO between 30-45 minutes. We also perform bi-annual DR drills to ensure the same and have a dedicated NOC team for 24x7 monitoring.
Our teams are capable of handling multiple flavours of operating systems and equipment. We can perform emergency vulnerability/threat closure within 2-3 hours from the availability of fixes/patches and we perform VA/PT closure every month.