Information Security Policy

Techbuds IT Solutions Pvt Ltd have control to protect the confidentiality, integrity, and availability of information that is owned by or entrusted to them. The intent of this document is to provide assurances to customers, potential customers, and any other interested parties that information in our companies custody is properly protected - and that the protections in place are consistent with appropriate compliance requirements.

Overview

Techbuds IT Solutions Pvt Ltd provide software, consulting, and online services. The Boards of Directors and management of Techbuds IT Solutions Pvt Ltd are committed to preserving the confidentiality, integrity and availability of all the physical and electronic information assets throughout their organisation to maintain legal, regulatory and contractual compliance and to safeguard business integrity and commercial reputation.

Techbuds IT Solutions Pvt Ltd use security policies and standards to support business objectives within their information systems and processes. These policies and standards are implemented, communicated, and reviewed on a regular basis and reflect the executive management teams commitment to information security. Policies and standards are in place to govern the protection of each companys information assets and any information assets of our customers (and others) that have been entrusted to a Techbuds company.

Staff

Techbuds IT Solutions Pvt Ltd employ staff whose responsibility is the protection of information. In addition, it is the responsibility of all of employees to be aware of information security issues within their daily work. To promote awareness, employees of Techbuds IT Solutions Pvt Ltd are provided with training on topics such as the companys security policies, their responsibilities to protect the confidentiality of information entrusted to them, the appropriate use of resources, the extra care required for the protection of mobile devices, and other related topics.

Confidentiality Agreements

Techbuds IT Solutions Pvt Ltd enter into confidentiality or non-disclosure agreements with their vendors, contractors, employees and clients to contractually safeguard personal and other confidential information belonging to a Techbuds company or in the custody of a Techbuds company.

Audits and Assessments

Regular risk assessments are performed to help Techbuds IT Solutions Pvt Ltd identify any potential risks to their information assets and to help prioritize efforts to mitigate those risks. Perodic internal tests are conducted on a regular basis to ensure compliance and verify control effectiveness. Vulnerability scans are conducted, and the results of these scans are used to identify vulnerabilities to be addressed and to prioritize the efforts of those staff that are responsible for keeping the IT systems of Techbuds IT Solutions Pvt Ltd up to date and protected.

Physical Security

All sites hosting information belonging to a Techbuds company (or information that is managed by a Techbuds company on the behalf of others) are secured. Such facilities are protected by physical security barriers and entry controls designed to prevent unauthorized access, damage, and interference. Fire suppression, environmental controls, and uninterrupted power supplies are all in place, as are security cameras to monitor the facilities and all entrances to them.

Access Control

Access to information, information processing facilities, and business processes are controlled on the basis of business and security requirements. Access control rules take into account the basic principle of "need-to-know" and the sensitivity of corporate and personal information.

Layers of security controls limit access to information. These include controls at the network, application, operating system, and database levels. Passwords are used in conjunction with each of these layers; they are subject to defined password construction rules and must be changed at regular intervals. Password administration and management are controlled processes that generate automated audit records.

Data Communications Security

Technologies such as SSL (TLS), and IPsec are used to encrypt data when in transit over public networks. The use of such technologies is dependent upon the level of sensitivity of the information, both corporate and personal.

Computer Security Measures

Various security technologies are deployed within the infrastructures and include firewalls, anti-virus, antispyware, encryption, and intrusion detection systems and processes.

Security data is logged and regularly reviewed to identify policy violations and security incidents. Incidents are documented and investigated to determine severity, root cause, and follow-up actions required. Measures to be taken to prevent re-occurrence are also identified, documented, and implemented as needed.

Disaster Prevention and Recovery

Adequate back-up capabilities exist to ensure that all essential information and software can be recovered following a disaster or media failure. Backup information is stored at a remote secure location, at a sufficient distance to escape any damage from a disaster at the primary site. Backup media is protected against unauthorized access, misuse or corruption during transportation beyond the data center boundaries.

Combinations of preventive and recovery controls are implemented to help protect from harm due to loss of data or processing capabilities. These controls are designed based on an assessment of risk and are meant to keep the harmful effects of any outages to a minimum. The processes making up these control measures are tested on a regular basis.