S.No | Type of control | Compliance |
2 | Office Access | Access to the office is through facial recognition at every gate entrance |
3 | Visitor entering restricted development area | Visitor meeting rooms are outside the restricted access area. By policy, no visitor is allowed inside the restricted access area unless permitted and accompanied by a senior-grade employee |
4 | Employee log-in | Every employee has a unique log-in and password and uses them to log into the system. If an employee's biometric is not recorded, log-in at the office is denied. Physical presence is a must for an employee to log in at the office premises |
5 | Product Update | Quality Assurance clears each product update for production |
6 | Product update control | Build numbers form the basis of control for production updates and are documented explicitly through our internal control systems |
7 | Production database access | Only authorised personnel are allowed access to the production database |
8 | Production database password length | The production database password has a minimum length of twenty-five characters |
8 |
9 | Production users log | All production user actions are logged for security monitoring |
10 | Network security for production access | A Network Security Group is implemented to block access from anywhere other than our domain network. Further, only required ports are enabled for access. |
11 | User Access | All user access is through Secure Sockets Layer (SSL) and with each user's unique login ID and password |
12 | User Login control | A user account is locked after five consecutive failed attempts to provide the correct password, and all login failures are tracked. Further, after three invalid login attempts, a CAPTCHA is enabled for additional control |
13 | User password control | User passwords must contain a minimum of one uppercase character, one lowercase character and one special character, and have a minimum length of 8 characters |
14 | User password change | A periodic password change is forced for users, and the new password cannot be the same as any of the last six passwords |
15 | User session monitoring | A user session expires after 15 minutes of inactivity |
16 | User Access control | Users can access only what the software administrator allows, including locational control in the case of multi-location enterprises |
17 | Audit | Every transaction and access is captured and recorded in the system. The Audit Trail feature of the system provides a history of events such as created, modified, viewed, and actioned, along with date, time and IP stamp |
18 | Backups | Backups are taken at regular intervals through an automatic replication methodology, in addition to logical and other backups, and stored in a secured location |
19 | Software support system | A ticketing system exists for users to log support requests with SLA indicators. Support tickets are closed by users or on elapse of time |
20 | Data deletion | All customer data is deleted after 30 days from the date the customer ceases to subscribe |
21 | User passwords | User passwords are hashed before being stored in the database, and no password is stored in its native form |
22 | User last log-in | For self-audit, every user can see their last log-in at the top right corner of the screen when they log in |
23 | Penetration Testing | Internal penetration testing is done every quarter, and remediations are closed with proper follow-up. |