String‘s state-of-the-art and multi-layered secure IT network is certified under ISO 27001:2005 international data security standard for Information Security Management Systems (ISMS). Further, String’s IT framework for client processes has been aligned with SSAE 16 and ISAE 3402 controls to ensure the highest level of confidentiality, data integrity and availability.
A robust infrastructure supported by strong business continuity program and disaster recovery abilities is part of String’s promise of standard security infrastructure. Additionally, String implements customized security solutions, based on customer-identified needs, for its engagements.
For ensuring 100% compliance, stringent data security is maintained in all operations involving the three critical elements of people, process,and technology.
- Security protocols inculcated into all new recruits during induction
- All String employees sign a non-disclosure agreement while joining
- Training sessions arranged frequently for all levels of employees
- Pre-defined routine processes for both data and people administered on entry and exit
- Assigning of data accountability from receipt to disposal
- Specified escalation procedures clearly followed in case of a security breach
- Use of paper, cell phones, and voice recording devices prohibited inside office premises
- Client data assiduously protected from external attack by high end routers, firewalls, and anti-intrusion software
- Use of data recovery devices such as floppy disks, CD/DVD ROMs, USB devices, and external HDDs prohibited
- Employees’ access to user data and Internet granted based on project needs and due approval process
- Access to public domain is strictly forbidden
- All emails (incoming and outgoing) are filtered through a firewall
Security infrastructure – salient features
- Scalable model with built-in redundancy in all the three centers
- Robust BCP/ DR Plan conforming to COBIT standards and industry best practices
- Asset Identification and Classification mechanism
- Risk Analysis and Management Program
- Emergency Response mechanism
- Periodic Communication and Review mechanism
- Regular Testing of Disaster Recovery Plans