Security Compliance

S.NoType of controlCompliance
1Office AccessAccess inside office is through facial recognition at every gate entrance
2Visitor entering restricted development areaVisitor meeting rooms are outside the restricted access area. By policy, no visitor is allowed inside the restricted access area, unless permitted and accompanied by a senior grade employee
3Employee log-inEvery employee has unique log-in and password and logs into system with that. If an employee biometric is not recorded, log-in at office is denied. Physical presence is must for employee to log-in at office premises
4Product UpdateQuality Assurance clears for product update at production
5Product update controlBuild numbers form the basis towards control for production updates and are documented explicitly through our internal control systems
6Production database accessOnly authorised personnel are allowed access to production database
7Production database password lengthProduction database password is minimum length of twenty-five characters long
9Production users logAll production user actions are logged for security monitoring
10Network Security For production accessNetwork Security Group is implemented to block   access from other than our domain network. Further only required ports are enabled for access.
11User AccessAll user access through secured socket layer and with their unique login id and password
12User Login controlUser account is locked after five attempts of consecutive failure to provide correct password and all login failures are tracked. Further after three attempts of invalid login, captcha get enabled for additional control
13User password controlUser passwords are enforced with minimum of one upper character, one lower character and one special character and minimum of 8-character length
14User password changePeriodical password change is forced for users and new password cannot be same as last six passwords
15User session monitoringA user session expires after 15 minutes of inactivity
16User Access controlUsers can access only those that are allowed access by software administrator including locational control in case of multi-location enterprises
17AuditEvery transaction and access are captured & recorded into the system. The Audit Trial feature of the system provides history of events such as created, modified, viewed, and actioned along with date, time & IP stamp
18Backups Backups are taken at regular intervals through automatic replication methodology in addition to logical and other backup and stored in secured location
19Software support systemA ticketing system exists for users to log support requests with SLA indicators. Support tickets are closed by users or elapse of time
20Data deletionAll customers data are deleted after 30 days from the date they cease to subscribe
21User passwordsUser passwords are hashed and stored in the database and no password is stored in its native form
22User last log-inEvery user can see their last log-in at the top right corner of the screen when they log-in for self-audit
23Penetration TestingInternal penetration testing is done every quarter and remediation are closed with proper follow up.