1. Purpose
This Security Policy describes how Praptham Tech Solutions Pvt Ltd. ("we") protects the confidentiality, integrity, and availability of systems, networks, data, and services associated with our website (https://praptham.com) and our offerings. It sets out our approach to preventing, detecting, and responding to security incidents.
2. Scope
This Policy applies to all information systems, data, services, personnel, service providers, and physical infrastructure used by Praptham Tech Solutions Pvt Ltd. and any affiliated entities or contractors.
3. Roles and Responsibilities
- Management: Establishes and maintains governance, resources, and oversight for security.
- IT/Security Team: Implements controls, monitors systems, responds to incidents, and maintains documentation.
- Employees and Contractors: Must follow policies, report incidents, and protect credentials and data.
- Third-party Service Providers: Must comply with security requirements, confidentiality, and audit rights.
4. Information Asset Classification and Handling
We classify information assets according to sensitivity and apply appropriate handling procedures:
- Public: Intended for public disclosure (e.g., website content).
- Internal: Non-public operational data that is not sensitive.
- Confidential/Sensitive: Data whose unauthorized disclosure or alteration could cause harm (e.g., personal data, credentials).
Access to each class is controlled through role-based permissions, and sensitive data is encrypted or securely handled.
5. Access Control and Authentication
- Unique credentials for each user; shared accounts restricted.
- Strong password rules or multi-factor authentication (MFA) for privileged access.
- Least-privilege principle applied to all access levels.
- Regular review and removal of access for inactive or departed users.
6. Network and System Security
- Use of firewalls, intrusion detection/prevention systems, and network segmentation.
- Regular patching and updates of all software and firmware.
- Endpoint protection including anti-malware and host-based firewalls.
- Secure remote access via VPN or zero-trust network architecture.
- All communication secured using TLS/HTTPS.
7. Data Encryption and Protection
- Data in transit is encrypted using industry-standard protocols (e.g., TLS 1.2/1.3).
- Data at rest is encrypted or stored securely with restricted access.
- Backups are encrypted, securely stored, and periodically tested for restoration.
8. Vulnerability Management and Secure Development
- Regular vulnerability discovery, assessment, and remediation.
- Security testing integrated into the software development lifecycle (SDLC).
- Change management procedures ensure authorized and documented modifications.
9. Incident Response and Disaster Recovery
- Defined processes for detection, escalation, containment, and recovery.
- Disaster recovery and business continuity plans for service restoration.
- Post-incident reviews identify root causes and corrective actions.
10. Monitoring and Logging
- Continuous monitoring of systems for anomalies and unauthorized access.
- Collection and analysis of logs from critical infrastructure.
- Audit trails maintained to ensure accountability and support investigations.
11. Physical Security
- Controlled physical access to offices and critical infrastructure.
- Visitor monitoring and secure equipment disposal procedures.
12. Supply-Chain and Third-Party Security
- Security assessments for service providers and contractors.
- Contracts include confidentiality, audit, and incident notification clauses.
- Supply-chain risks (software/hardware dependencies) are monitored.
13. Training and Awareness
- Regular security awareness training for all staff and contractors.
- Simulated exercises to maintain awareness and preparedness.
14. Compliance and Audit
- Compliance with legal, regulatory, and contractual obligations.
- Periodic internal and external audits to ensure control effectiveness.
- Security metrics and KPIs support continual improvement.
15. Review and Maintenance
This Security Policy is reviewed annually or when significant changes occur in our systems, operations, or threat environment. Updates are approved by management and communicated to all relevant stakeholders.
Contact for Security Matters
Praptham Tech Solutions Pvt Ltd.
Email: [email protected]
Phone: +91 81055 71707