Information Security Management


We at STC have established a well-defined security management system to ensure security for our clients. We are fully compliant with the guidelines and principles defined in ISO-17799. Each of our projects complies with our client’s security requirements. We apply formal Security Procedures, which are periodically reviewed and updated by management.

INTELLECTUAL PROPERTY AND CLIENT CONFIDENTIALITY

STC provides core services to several customers and thereby appreciates the importance of intellectual property protection. We have a contract with our customers for a comprehensive non-disclosure agreement (NDA) and mutual protection of intellectual property rights. This contract is usually entered into during the signing of the service agreement.

This would typically contain clauses pertaining to:

  • Definition of Confidential Information
  • Restrictions on use
  • Breach and consequences thereupon
  • Other miscellaneous provisions like ownership, applicability, jurisdiction, etc.

Every employee working for STC and assigned to a project signs a Non-Disclosure Agreement (NDA), which is submitted to the client before he/she starts project-related work. Usually the NDA is in the format of the client organization.

  • Confidentiality of information: This is to ensure that client-specific information gained during the course of employment or from executing a customer’s contract is not divulged.
  • Ownership of developed intellectual property: This ensures that any developments done on the job are owned by the company or contract that the employee is working on.

BEST PRACTICES FROM STC

Network Security:

  • 24×7 security system
  • Access cards are issued to all employees, with restricted access for each employee.
  • Visitors are provided with separate access cards and are restricted beyond specific access points.
  • Rigorous administration and monitoring
  • Continuous monitoring system for the employees and work environment

Data and Information Security:

  • An automated data backup system is installed that improves and expands data availability and reliability.
  • A well-defined access control policy is in place to prevent unauthorized access to important files and directories.
  • Password and antivirus protection for servers and desktops
  • Password management, authentication and event logging policies are in place to prevent internal abuses and external intrusions by controlling access to network and application resources.
  • All mail and Web servers are located in an independent area.

Network Security:

  • Data security firewalls and VLANs are installed to prevent unauthorized access to the network.
  • A separate VLAN / VPN is allotted for each client when work is run offsite.
  • Only client-authorized personnel are allowed to access the VPN, to prevent others from accessing the project information.
  • 24×7 monitoring system for running applications that access the network.
  • 24×7 monitoring system for selected/all network packets as well as selected network events.

Our Disaster Recovery Programme prepares us for any sudden need to relocate our operations. In such an event, we can move and restart our operations within 24 hours.