IT Security & Infrastructure
- Home
- About Us
- IT Security & Infrastructure
IT SECURITY & INFRASTRUCTURE
We followed very well-defined security policies supported by various documents to ensure the security & confidentiality of client data along with regular IT security audits by professionals, therefore, we have developed a security policy which encompasses both physical and logical security as below:
PHYSICAL SECURITY
- High-level Physical security at the premises with the access control system for access to work area.
- Restricted access to individual desktop by each user.
- Mobile phone usage policy restricts its usage outside the work area.
- Employee ID cards, which activate and monitor access to work areas.
- CCTV surveillance of premises on a 24x7 basis
EMPLOYEE SECURITY
- Before recruitment of an employee proper reference check is done and documents & photocopy of ID proof is taken at the time of joining.
- Confidentiality and service agreement is signed with employees at the time of employment.
NETWORK & DATA SECURITY
- Firewall controlled intrusion prevention for computer network & data security.
- Antivirus protection against malwares and spywares.
- To make sure our client’s data remain in a safe & secured environment, we have deployed our job portal server on Amazon Web Services/cloud. This makes sure that our job portal service and clients data remains safe and in live wire condition in all situations.
- Restricted access to Servers and shared resources. This ensures that only authorised persons can access the relevant data.
- Each individual user’s system data includes only the information relevant to his/her working.
- Copy medias like CD/DVD ROM and pen/USB drives are disabled.
- We have installed Sophos network hardware Firewall for data protection along with D-Link/Netgear Routers and Switches which scans each file before downloading and uploading.
- To avoid any nightmare, our IT team system makes sure that all the workstations are having latest windows OS patches, security updates and other application updates, as a part of our proactive Endpoint Vulnerability Management policy. All electronic data backed up to meet the business need for that data. All data can be available in the event of an emergency. Sapphire maintains copies of Customer Data from which it can be recovered.
- Users of the system have a valid logon id and password. The system has one level of firewall protection between its network and the Internet.
- Systems has two levels of firewall protection between its network and the Internet. The firewall system is not visible to Internet users or public. It has a private Internet (non- translated) address and it does not respond to a “ping” from the Internet.
- Data stored on a computer protected by strong passwords that are changed regularly. We encourage all staff to use a password manager to create and store their passwords.
- The company has the right and capability to monitor electronic information created and/or communicated by persons using company computer systems and networks, including e-mail messages and usage of the Internet. It is the company policy or intent to continuously monitor all computer usage by employees or other users of the company computer systems and network.
- The application and database systems can limit the number of applications and databases available to users based on their job requirements.
- Restricted downloading of any shareware programs or files for use without authorization in advance from the IT Department and the user’s manager.
- Use of Emails, Websites are strictly prohibited unless authorised by IT Manager.
- Access controls exist at various layers of the system, including the network. Access control is implemented by logon ID and password. At the application and database level, other access control methods can be implemented to further restrict access.