Security considerations


Organisation

Anakage is ISO 27001 certified and has all the policies and procedures in place to safeguard the security-related aspects of stakeholders.

Employees

All our employees are background verified. They get regular training on security and data privacy. Access to client-owned data, if any, is on a strictly need-to-know basis. As a development practice, we do not need to access client-owned data, since it resides on client servers. We do not need access to servers on an ongoing basis, and any changes are approved before deployment.

Processes

Below are some of the processes followed during development to maintain security:

1 – Restricted access to code and regular audit of access rights and levels

2 – Segregation of different client related changes to cobots

3 – Code reviews

4 – Use of code analysis tools as part of development process

Post deployment, we adhere to client security processes for vulnerability scans and any actionable results. We also fix findings of internal scans done by the client if their processes mandate it.

We follow all the OWASP standards and use industry-standard tools to test our systems for vulnerabilities. On demand, we can provide the last scan result on test servers deployed on cloud.

No external API calls are made except to the deployed server.

Digitally Signed Application: A digital signature protects the .exe (executable) files so that the solutions cannot be modified to change their behavior. The application executes any external exe only after checking its publisher.

All the dependent files are embedded in the exe and extracted before use, to make sure that they cannot be changed before execution.

No external API call is performed when the solution is executed. Only the solution data is sent to the on-premise server, and absolutely no information flows to external sources.

Any change that needs to be incorporated in these .exe files will be communicated to the client and deployed only after approval.

Encrypted communication (HTTPS) to maintain data security during transmission.

Single Sign On support for Identity and Access controls.

Different roles for users to perform different levels of operations.
