| S.No | Type of control | Compliance |
| 1 | Office Access | Access inside office is through facial recognition at every gate entrance |
| 2 | Visitor entering restricted development area | Visitor meeting rooms are outside the restricted access area. By policy no visitor is allowed inside the restricted access area, unless permitted and accompanied by a senior grade employee |
| 3 | Employee log-in | Every employee has unique log-in and password and logs into system with that. If an employee biometric is not recorded, log-in at office is denied. Physical presence is must for employee to log-in at office premises |
| 4 | Product Update | Quality Assurance clears for product update at production |
| 5 | Product update control | Build numbers form the basis towards control for production updates and are documented explicitly through our internal control systems |
| 6 | Production database access | Only authorised personnel are allowed access to production database |
7
| Production database password length | Production database password are minimum length of 25 characters long |
| 8 | Production users log | All production user actions are logged for security monitoring |
| 9 | Network Security For production access | NetworkSecurity Group is implemented to block access from other than our domain network. Further only required ports are enabled for access. |
| 10 | Production data at rest | All documents at rest are encrypted |
| 11 | Data transmission | All data transmission are encrypted with Aes Encryption and hashed with industry standard hashing algorithm. |
| 12 | User Access | All user access through secured socket layer and with their unique login id and password |
| 13 | Audit | Every transaction and access is captured & recorded into the system. The Audit Trial feature of the system provides history of events such as created, modified, viewed and actioned along with date, time & IP stamp |
| 14 | Backups | Backups are taken at regular intervals and minimum of three times a day by authorised personnel and stored in secured location |
| 15 | Software support system | A ticketing system exists for users to log support requests with SLA indicators. Support tickets are closed by users or elapse of time |
| 16 | Data deletion | All customers data are deleted after 30 days from the date they cease to subscribe |
| 17 | User passwords | User passwords are hashed and stored in the database and no password is stored in its native form |
| 18 | User last log-in | Every user can see their last log-in at the top right corner of the screen when they log-in for self-audit |
| 19 | Penetration Testing | Internal penetration testing is done every quarter and remediation are closed with proper followup. |
