Access Controls

Role-based access through IAM that enforces segregation of duties, two-factor authentication and end-to-end audit trails ensuring access is in accordance with security context.

Capacity Management

Proactive capacity monitoring based on conservative thresholds and on-demand capacity expansion capability through our highly elastic hosting partners.

Code Review

All changes are tested by the Quality Assurance team and criteria are established for performing code reviews, web vulnerability assessment, and advanced security tests.

Component Redundancy

All components are deployed in ‘n+1’ mode across multiple availability zones configured in active - active mode behind a load balancing service.

Encryption

AES 256 bit encryption for data at Rest and HTTPS with TLS 1.2 encryption for data in transit.

Incident & Breach Management

Procedures are established for reporting incidents, and tracking it for timely communication, investigation and resolution.

Malware & Spam Protection

Malware and Spam protection applied based on latest threat signatures and supports real-time scanning and security.

Perimeter Security

Routing rules hardened based on pre-established criteria for various permissible transactions across all resources.

Platform Load Balancing

Automatically distribute application traffic across multiple availability zones that supports high availability, auto scaling and robust security.

Product Road mapping

Product road-map is defined and reviewed periodically by the Product Owner. Security fixes are prioritized and are bundled in the earliest possible sprint.

Quality Assurance

Builds are put through a stringent functionality test, performance tests, stability tests, and UX tests before the build is certified "Good to go"

Segregation of Duties

Access to the production is restricted to very limited set of users based on the job roles. Access to the production environment for developers and Quality Assurance team members are restricted based on their job responsibilities.

Version Control

Source Code is managed centrally with version controls and access restricted based on various teams that are assigned to specific sprints. Records are maintained for code changes and code check-ins and check-outs.

Virtual Private Cloud

Hosted in dedicated VPCs in non-promiscuous mode that are further segmented for increased security and manageability.