Home / IP Protection & Security

IP Protection & Security

Security is a fundamental part of Technosoft's business. Resulting from its strong and invariable customer focus, Technosoft takes a systematic and comprehensive approach to security, which has led to creation of a solid security management framework. Not only does Technosoft protect its own business critical systems and confidential information, the company also spares no effort in safeguarding its customers' information security, intellectual property, and business reputation.

In its endeavor to meet customer security requirements, Technosoft Networks has committed itself to upholding the highest information security levels. Technosoft follows its own thoroughly documented security policy, with information security enforcement procedures and practices modeled on the ISO 17799 (BS 7799) Information Security Management Standard guidelines. The Technosoft Information Security System undergoes regular internal reviews and external customer security audits with regard to BS 7799 Standard requirements.

Technosoft's top security concerns are shaped in line with our customers' business objectives and include:

  • Protection of intellectual property of both Technosoft and its business partners (IP Protection)
  • Personnel security awareness training
  • Physical security and access control
  • Critical business processes continuity

Information Security

Technosoft Information Security Policy imposes stringent requirements on acceptable use of all data and equipment owned by clients and Technosoft. The building blocks of the Technosoft Information Security System are:

  • Effective control over access to data, resources and equipment
  • Personnel training procedures ensuring high information security awareness
  • Effective control over physical access to Technosoft premises
  • On-going interaction with customer in regards to information security requirements and issues
  • Effective business continuity planning, which ensures uninterrupted performance of business-critical processes

IP Protection

All Technosoft personnel and affiliates having access to business-critical information (data, documentation, software etc.) commit themselves to appropriate use of such confidential information that belongs or pertains to another party and is entrusted to Technosoft under business partnership contracts. IP protection guidelines are incorporated in corresponding job descriptions, appropriate information security enforcement procedures and NDAs to be signed by every employee upon employment with Technosoft. Under these instructions, the Technosoft staff must keep confidential all work-related information, data, software, and documents and surrender all such materials upon termination of service engagement to the employer.

Approach to Security

  • CIA (Confidentiality, Integrity and Availability)
  • The criteria for Information Security is being met by planned approach and continuous improvement PDCA (Plan, Deploy, Check and Act)
  • Approach to the implementation of Information Security Management System Framework
  • Role Based Access to the Information; Need-to-Do / Right-to-Know
  • Commitment of Management towards the Implementation – resource allocation, active participation in the review of the processes, policy creation and implementation
  • Information Security Education and Training made compulsory for all the employees
  • Awareness creation to encourage the employees to start reporting the Security Incidents
  • Security recognized as a Management Initiative and has Senior Management participation
  • It is based on the “People – Process – Technology” (PPT) Equation, where each of them are essential… but not individually sufficient components
  • It is guided by well defined policies and procedures – based on global standards
  • Procedures and Guidelines based on ISO17799 / ISO27001
  • Dedicated and qualified personnel for the management of the process

Administrative Procedures

  • Well defined activity-plans to ensure the availability of People-Process-Technology

Personnel Security

  • Background checks for criminal record for the employees and support staff
  • Technosoft requires credentials and identity verification including a copy of passport prior to employment
  • Do two reference checks… and document them
  • NDA is signed by the process employees and the support staff
  • Identity of the process staff is kept confidential
  • Disabling of the system IDs, Proximity Access Cards immediately after the termination of the employee
  • Comprehensive Induction and Refresher Training for the staff made mandatory on Information
  • Employees are rigorously trained in security awareness and policy, and are tested periodically

Physical Safeguards

  • Secured partitioned area – avoiding the visibility of the process
  • Multi-level supervisory system to avoid the data mishandling
  • Access is restricted by the Access Control to only the designated staff
  • Information storage / communication media… paper or electronic like disks, recording devices, pen drives etc., are strictly prohibited in the process area
  • Information disposal on paper form (shredders) and digital form (degausses) and related record maintenance
  • Secure workstation

Technical Security Services

Access Control

  • Unique User ID, Emergency Access Procedure to Information, Automatic Logoff, Encryption for the Information Storage and Transmission
  • Controlled and Restricted access to the Internet to reduce the probability of data transfer to unauthorized entities
  • Secure Workstation – locked down image… Systems are hardened and only the required applications are permitted to be run on the system
  • Mandatory Log-Off after use
  • Complex Password Policy with Short Life expiry… no reuse
  • Deployment and monitoring of the Firewalls and IPS made mandatory

Audit Control

  • Logging and Periodic Monitoring of the Systems activity
  • Authentication
  • Smart Card based authentication for the end users

Technical Security Mechanisms

Encryption

  • Site-to-Site VPN for Information Transmission, Windows EFS for Information Storage, 3DES/AES for the transmission

Alarm / Audit Trail

  • System/Application/Security Logs are maintained for Servers, Firewalls, IPS, etc., for Incident Management / monitoring purpose. Additionally thresholds are defined for various system parameters beyond which mandatory action is taken
  • Security Metrics are deployed extensively or otherwise “What Can’t be MEASURED, can not be MANAGED”
  • Technical Metrics for Quantitative Monitoring and Qualitative Metrics benchmarked to Standards and Best Practices

Integrity Control

  • Digital Certificates, IPSEC VPN are used to ensure Integrity of all information exchange between outside points, including client services
Meet our Delivery Team | Client Engagement Model | Governance Model | Project Management Methodology | IP Protection & Security | Infrastructure
Minority Enterprise | Terms of Use | Privacy Policy | Site Map
© 2008 Technosoft Corporation. All rights reserved