Methodology: Security Policy

Security Policy

Our security policy is aimed at maintaining greater levels of physical and information security. We follow ISO 17799 standards for security management.

Physical Security
  • Photo ID cards and access cards with easy-to-identify bands are issued to all employees
  • Visitors are provided with separate ID cards and are not allowed beyond specific access points. They are accompanied by internal staff during their visit to the office premises.
  • Restricted access for each employee
  • Presence of security guards and 24x7 surveillance system
  • We have fire protection and fire extinguishers available at comfortable distance.
  • The entire office premise has been designated as a non-smoking zone.

Data Access Security
  • Security Firewalls are installed to prevent unauthorized access to the network
  • Group policies in place for accessing PCs and workstations for authorized access
  • Access to important files and directories is given only to specific personnel
  • All email and web servers are located at an independent internet data center
  • GFS Backup policy in place. Monthly backups are stored at an off-site location and removable backups are kept safe with logs duly maintained. Daily backup are stored in fire-proof safe.
  • External security audits are enforced to assess any breach with multi level security management in control
  • By default, all ports (USB, Serial, Parallel) are disabled on PCs. Enabling of the required ports is done only on specific requests by the client
  • Physical security ensures no CDs, Pen-drives, movable media goes in and out of the facility without written permission from the management

Network Security
  • Each client's process is run on a separate VLAN/VPN when run off-shore/off-site
  • Software defined secure tunnels through the internet
  • Only client authorized personnel is allowed to access the VNC/VLAN/VPN. This setup prevents others from accessing the project information
  • Real-time Anti-virus and SPAM protection for desktops and servers
  • Annual maintenance and scheduled preventive maintenance in place for critical assets
  • Adequate spares are available for all critical infrastructure, thereby minimizing downtime
  • Wireless LAN in the office is also security protected

Voice Calls Security
  • Authorization for use of VoIP lines and is provided on a need or project basis
  • VoIP is password protected
  • ACD reports are generated on a weekly basis and analyzed