Data security and privacy concerns are always at the centre of whatever we do. This the reason all our policies and procedures are aligned to ISO 27001 standard.

Data Security Controls

1. Identity and device management

We ensure that only the right team members and approved devices can access the client’s data with Identity and Access Management (IDAM) controls we have put in place.

2. Data Protection

By default, we encrypt data at rest and data in transit for all our clients. Also, the data saved in the cloud is protected by enforcing 2FA and a strong password policy. Regular security audits are carried out to ensure these controls are working effectively.

3. Data loss prevention

Data saved on all workstations is in continuous sync with cloud storage, ruling out any possibilities of data loss.

4. Third-Party risk management

Over the year, we have made a conscious effort to minimise third party risks by establishing a solid screening and evaluation process before engaging with third parties. The tasks and projects we receive from clients are never sub-contracted, and the involvement of local third parties is limited to non-critical aspects of
our operations.

However, we rely on reputed providers like Microsoft and Google for tech tools that we need to work smoothly in today’s environment.

5. Incident response plan

Our Data Security policy lays out a mature incident response plan addressing phases such as preparation, identification, containment, eradication, recovery, and lessons learned. We also have a process to report any incident to appropriate authorities with the timeframes required by the law.

6. Policy management

We organise regular training to ensure all our team members are aware of our Data Security Policy. Also, the policy itself is reviewed and updated frequently to
include best practices.