Information Security

Data Security and Privacy: ISO 27001:2013 & GDPR

Data protection and privacy are very important aspects of any enterprise product or solution. It is critical that customer data and privacy are protected from various kinds of threats and vulnerabilities to ensure confidentiality, availability and integrity.
Information security is a key imperative for Senseforth’s vision. It comprises assurance of security of information belonging to Senseforth, as well as information that is entrusted to Senseforth by its employees, clients and partners. In the journey of continual benchmarking and improvement of information security practices, it is also important for Senseforth to align with global best practices and standards.
Senseforth has developed and implemented a strong and continually improving Information Security Management System (ISMS) to demonstrate its ability to safeguard confidentiality, integrity and availability of information and its associated assets. Senseforth has established the ISMS in alignment with the global Information Security Standard ISO/IEC 27001:2013. ISO/IEC 27001 is an international standard that provides the specification for an information security management system (ISMS). Senseforth abides by all the 114+ controls specified by this standard. At Senseforth, we are committed to protecting the confidentiality, integrity and availability of information.
We are also committed to the highest levels of compliance with the applicable privacy acts and regulations of the countries and regions where we conduct our business and offer our Solutions & Services, including the European Union (EU) regulation, GDPR. The role of Data security officer (DPO) is played by the CTO office. You can read more about this in our privacy policy here.
Here are some of the security best practices followed at Senseforth.
Security Awareness Program
Senseforth’s information security program provides training and education on a regular basis to impart knowledge and teach security-related principles.
Software Development Lifecycle
Senseforth software development follows development best practices including, but not limited to, OWASP guidelines. Security is tested right from the development phase, all the way to UAT and production, and any identified vulnerabilities are fixed immediately.
Application Security
Vulnerability and penetration testing is performed periodically to identify any new vulnerabilities and validate if all risks have been mitigated or managed.
Network Security
Perimeter/network security controls are used to protect Senseforth’s information assets through industry-standard firewall technology and intrusion protection systems.
Data Center Security
Solutions built by Senseforth are hosted in secure data center environments: either the client’s on-premise data center or a private cloud, i.e. Amazon Web Services or Microsoft Azure.
Access Management
Access to Senseforth’s information assets is managed using granular role-based authorizations. Secure VPN/Remote Access tools are used to administer Senseforth’s solutions hosted either on-premise or in a private cloud.
Patch Management
Senseforth recognizes that timely patch management response to vulnerabilities is critical to maintain operational availability, confidentiality and integrity of solutions built by Senseforth.
Business Continuity and Disaster Recovery
Senseforth’s corporate environment that manages software development of its solutions is physically and logically isolated from its private cloud hosting solutions and client’s on-premise hosting. An incident that may disrupt its corporate environment would not have any significant impact on the ability to support and maintain the solution, regardless of whether it is hosted on-premise or in a private cloud.
In summary, we fully realize that our clients trust us and expect that Senseforth solutions are securely developed, deployed and managed. Senseforth will continue to strengthen its security posture through 4 Ps - people, processes, products and partners.