At CorpoZone, we have a strong, well-defined and well-implemented security policy that has been and continues to be the greatest contributor to our superior position in the outsourcing market. Our security measures are highly reliable and are periodically updated as per the latest advancements in technology. We believe in proactive problem identification and provide due importance to risk mitigation plans, that have made us well-equipped to meet the challenges during crisis. Our security begins from the physical security. The entry to our office space is well-protected by security guards, who act as first line of defence from unauthorised access to our infrastructure. The servers and client systems are provided total protection by strong passwords that are changed once in every 2 weeks. IT security managers at CorpoZone have implemented an appropriate information and Internet security policy and an auditing process. We follow the least privilege principle and access to information resources is provided to an associate only when it is absolutely needed to perform his official activities. At CorpoZone, security process is an everyday activity, as security itself is such a subject that never remains the same every day. Security policy at CorpoZone has reference to a regularly updated Knowledge Database that contains information on all aspects pertaining to Information Security, right from how computer systems should be configured to shredding of hard-copy documents. The completion of courses 1) Acceptable use Policy and 2) Data Security Policy are compulsory for all the associates at CorpoZone.Data security
We give paramount importance to the security of each and every piece of information that is processed at our organization. This is evident from the fact that we sign the Confidential Disclosure Agreement with the client, prior to starting with the engagement. As measures to implement data security, the following steps have been put into place:
System management can be sub categorised to Access Control, Software Integrity and Secure Asset Configuration. CorpoZone establish a range of security controls to protect assets residing on systems and networks. CorpoZone uses access controls at its network, and strictly follows the principle of least privilege, where access to a resource/information is provided, only if the access is absolutely necessary. CorpoZone uses removable storage media for critical data so that it can be physically secured. CorpoZone Does regular checks and verifies the integrity of installed software. CorpoZone does regular checks for viruses, worms, Trojans and other malicious software or unauthorized software. Also, we regularly compare all file and directory cryptographic checksums with a securely stored, maintained, and trusted baseline. CorpoZone follows procedures and mechanisms to ensure the secure configuration of all deployed assets throughout their life cycle of installation, operation, maintenance, and retirement. This means CorpoZone applies patches to correct security and functionality problems and establish standard, minimal essential configuration for each type of computer and service. CorpoZone keeps its network topology up to date, and provide some levels of logging. Before applying the patches, CorpoZone consider the security implications for every change to systems and networks. CorpoZone performs vulnerability assessments on a periodic basis, and address vulnerabilities when they are identified.Threat Control Management
Threat Control Management is about conducting an information security risk evaluation that identifies critical information assets, threats to critical assets, assets vulnerabilities and risks. CorpoZone identifies critical information assets and risks to those assets including the potential financial impacts of a successful attack against these assets. CorpoZone has a risk mitigation plan resulting from the evaluation, and ensure that there is a regular review and management of the risks to critical information assets.Accountability and Training and Adequate Expertise
On Accountability and Training front, CorpoZone has enforced accountability for user actions, trainings for accountability, as reflected in organizational policies and procedures. Users mean all the persons with active accounts, for example, employees, partners, suppliers, and vendors. Regarding Adequate Expertise, CorpoZone ensure that there is adequate in-house expertise or explicitly outsourced expertise for all supported technologies, including the secure operation of those technologies. CorpoZone keeps an easy-access list with the contact information of PoCs in case of problems with the operating system, laptop, and access to new project data, passwords, security applications, or custom applications that have been developed internally.Auditing and Monitoring
CorpoZone use appropriate monitoring, auditing, and inspection facilities and assigns responsibility for reporting, evaluating, and responding to system and network events and conditions. This means that CorpoZone regularly use system and network monitoring tools and examine the results they produce; also use filtering and analysis tools and examine the results they produce, and learn how to respond to events that warrant a response action. Also, CorpoZone makes sure that its employees are aware of whom to contact when they notice suspicious behaviour. CorpoZone mandates its system administrators to be up to date on the latest threats and attacks, and provide them with resources on solutions over these problems.Disaster Management Group
In order to counter the occurrence of potential disaster, CorpoZone maintains a disaster management group which comes into action in the wake of any crisis. The Business Continuity Plans are wisely devised and are rehearsed once in 6 months. All the test results are well documented and the associates are provided an easy-access list that contains the Mobile Numbers and Phone Numbers of Disaster Mitigation Team, whom the associates need to contact, in case of a catastrophe.