S.NoType of controlCompliance
1Office AccessAccess inside office is through facial recognition at every gate entrance
2Visitor entering restricted development areaVisitor meeting rooms are outside the restricted access area.  By policy no visitor is allowed inside the restricted access area, unless permitted and accompanied by a senior grade employee
3Employee log-inEvery employee has unique log-in and password and logs into system with that.  If an employee biometric is not recorded, log-in at office is denied.  Physical presence is must for employee to log-in at office premises
4Product UpdateQuality Assurance clears for product update at production
5Product update controlBuild numbers form the basis towards control for production updates and are documented explicitly through our internal control systems
6Production database accessOnly authorised personnel are allowed access to production database
7

Production database password lengthProduction database password are minimum length of 25 characters long
8Production users logAll production user actions are logged for security monitoring
9Network Security For production accessNetworkSecurity Group is implemented to block   access from other than  our domain network. Further only required ports are enabled for access.
10Production data at restAll documents at rest are encrypted
11Data transmissionAll data transmission are encrypted with Aes Encryption  and  hashed with industry standard hashing algorithm.    
12User AccessAll user access through secured socket layer and with their unique login id and password
13AuditEvery transaction and access is captured & recorded into the system. The Audit Trial feature of the system provides history of events such as created, modified, viewed and actioned along with date, time & IP stamp
14Backups Backups are taken at regular intervals and minimum of three times a day by authorised personnel and stored in secured location
15Software support systemA ticketing system exists for users to log support requests with SLA indicators.  Support tickets are closed by users or elapse of time
16Data deletionAll customers data are deleted after 30 days from the date they cease to subscribe
17User passwordsUser passwords are hashed and stored in the database and no password is stored in its native form
18User last log-inEvery user can see their last log-in at the top right corner of the screen when they log-in for self-audit
19Penetration TestingInternal penetration testing is done every quarter and remediation are closed with proper followup.