Methodology: Security Policy
Our security policy is aimed at maintaining greater levels of physical and information security. We follow ISO 17799 standards for security management.
- Photo ID cards and access cards with easy-to-identify bands are issued to all employees
- Visitors are provided with separate ID cards and are not allowed beyond specific access points. They are accompanied by internal staff during their visit to the office premises.
- Restricted access for each employee
- Presence of security guards and 24x7 surveillance system
- We have fire protection and fire extinguishers available at comfortable distance.
- The entire office premise has been designated as a non-smoking zone.
Data Access Security
- Security Firewalls are installed to prevent unauthorized access to the network
- Group policies in place for accessing PCs and workstations for authorized access
- Access to important files and directories is given only to specific personnel
- All email and web servers are located at an independent internet data center
- GFS Backup policy in place. Monthly backups are stored at an off-site location and removable backups are kept safe with logs duly maintained. Daily backup are stored in fire-proof safe.
- External security audits are enforced to assess any breach with multi level security management in control
- By default, all ports (USB, Serial, Parallel) are disabled on PCs. Enabling of the required ports is done only on specific requests by the client
- Physical security ensures no CDs, Pen-drives, movable media goes in and out of the facility without written permission from the management
- Each client's process is run on a separate VLAN/VPN when run off-shore/off-site
- Software defined secure tunnels through the internet
- Only client authorized personnel is allowed to access the VNC/VLAN/VPN. This setup prevents others from accessing the project information
- Real-time Anti-virus and SPAM protection for desktops and servers
- Annual maintenance and scheduled preventive maintenance in place for critical assets
- Adequate spares are available for all critical infrastructure, thereby minimizing downtime
- Wireless LAN in the office is also security protected
Voice Calls Security
- Authorization for use of VoIP lines and is provided on a need or project basis
- VoIP is password protected
- ACD reports are generated on a weekly basis and analyzed