Data Security Policy
1. Introduction
THE kunalitservices.com DATA SECURITY POLICY COVERS OUR SERVICES AND WEBSITES LOCATED AT www.kunalitservices.com (HEREINAFTER COLLECTIVELY REFERRED TO AS “SERVICE(S)”).
WE VALUE THE UNWAVERING TRUST THAT OUR USERS PLACE IN US AS CUSTODIANS OF THEIR DATA. WE UNDERSTAND OUR RESPONSIBILITY AND TAKE APPROPRIATE CARE TO PROTECT AND SECURE YOUR INFORMATION SERIOUSLY AS DESCRIBED IN OUR SECURITY PRACTICES BELOW.
THE TERMS “CUSTOMER” “YOU” “YOUR” “USER” AND “USERS” REFER TO ALL INDIVIDUALS AND OTHER PERSONS WHO ACCESS OR USE OUR SERVICES, INCLUDING, WITHOUT LIMITATION, ANY COMPANIES, ORGANIZATIONS, OR OTHER LEGAL ENTITIES THAT REGISTER ACCOUNTS OR OTHERWISE ACCESS OR USE THE SERVICES THROUGH THEIR RESPECTIVE EMPLOYEES, AGENTS, OR REPRESENTATIVES.
This policy is applicable to all kunalitservices.com data and customer data assets that exist if any; kunalitservices.com processing environment, on any media during any part of its life cycle. The following entities or users are covered by this policy:
-
Full or part-time employees of kunalitservices.com who have access to kunalitservices.com or customer data.
-
kunalitservices.com vendors or processors who have access to kunalitservices.com or customer data.
-
Other relevant persons, entities, or organizations that have access to kunalitservices.com or customer data.
2. Compliance
kunalitservices.com IS COMPLIANT WITH THE PAYMENT DATA SECURITY STANDARDS VIA THE THIRD-PARTY PAYMENT PROVIDERS WE USE AND CAN THEREFORE ACCEPT OR PROCESS CREDIT CARD INFORMATION SECURELY IN ACCORDANCE WITH THESE STANDARDS. IN ADDITION, kunalitservices.com FOLLOWS THE REASONABLE SECURITY PRACTICES AND PROCEDURES AS PER RULE 8 OF INFORMATION TECHNOLOGY (REASONABLE SECURITY PRACTICES AND PROCEDURES AND SENSITIVE PERSONAL DATA OR INFORMATION) RULES, 2011.
3. Access Control
ACCESS TO OUR TECHNOLOGY RESOURCES IS ONLY PERMITTED THROUGH SECURE CONNECTIVITY (FOR E. G. HTTPS) AND REQUIRES AUTHENTICATION. OUR PASSWORD POLICY REQUIRES COMPLEXITY, EXPIRATION, LOCK OUT AND DISALLOWS REUSE. WE GRANT ACCESS ON A NEED TO KNOW ON THE BASIS OF LEAST PRIVILEGE RULES, REVIEWS PERMISSIONS QUARTERLY, AND REVOKES ACCESS IMMEDIATELY AFTER EMPLOYEE TERMINATION.
4. Security Policies
WE REVIEW AND UPDATE OUR SECURITY POLICIES AT LEAST ANNUALLY. OUR EMPLOYEES ARE OBLIGATED TO ACKNOWLEDGE POLICIES ON AN ANNUAL BASIS AND ARE PROVIDED TRAINING FOR ASSURING DATA SECURITY AND JOB SPECIFIC SECURITY AND SKILL DEVELOPMENT FOR KEY JOB FUNCTIONS.
5. Physical Security
OUR INFORMATION SYSTEMS AND TECHNICAL INFRASTRUCTURE ARE HOSTED WITHIN WORLD-CLASS DATA CENTER LOCATED IN INDIA. PHYSICAL SECURITY CONTROLS AT OUR DATA CENTRES INCLUDE CAMERA SURVEILLANCE, VISITOR LOGS, SECURITY PERSONNEL.
6. Personnel Screening
WE CONDUCT BACKGROUND RESEARCH AT THE TIME OF HIRE (TO THE EXTENT PERMITTED OR FACILITATED BY APPLICABLE LAWS AND COUNTRIES). IN ADDITION, WE COMMUNICATE OUR DATA SECURITY POLICIES TO ALL PERSONNEL (WHO MUST ACKNOWLEDGE THIS) AND REQUIRE NEW EMPLOYEES TO SIGN NON-DISCLOSURE AGREEMENTS AND PROVIDE ONGOING PRIVACY AND SECURITY TRAINING.
7. Penetration Testing and System Vulnerability Assessments
WE HAVE A VULNERABILITY ASSESSMENT PROGRAM WHICH INCLUDES PERIODIC SCANS, IDENTIFICATION, AND REMEDIATION OF SECURITY VULNERABILITIES ON SERVERS, NETWORK EQUIPMENT, AND APPLICATIONS. ALL NETWORKS, INCLUDING TEST AND PRODUCTION ENVIRONMENTS, ARE REGULARLY SCANNED USING TRUSTED THIRD-PARTY VENDORS.
WE ALSO CONDUCT REGULAR INTERNAL AND EXTERNAL PENETRATION TESTS AND REMEDIATE ACCORDING TO SEVERITY FOR ANY RESULTS FOUND.
8. Data Transit Encryption
All users that access kunalitservices.com or customer data to enable its transmission must do so only in conformance to this policy.
Where the necessary data transmitted, must be secured via cryptographic mechanisms. This may include the use of confidentiality and/or integrity mechanisms. Specific cryptographic mechanisms are used for the purposes of cryptography.
The media used to distribute data should be classified so that it can be identified as confidential and if the media is sent using courier or another delivery method, it should be accurately tracked. No data can be distributed in any media from a secured area without proper management approval.
9. Data Classification
Data classification is necessary to enable the allocation of resources to the protection of data assets, as well as determining the potential loss or damage from the corruption, loss or disclosure of data.
To ensure the security and integrity of all data, the default data classification of any data asset is either Confidential Customer Data or Proprietary Company Data.
The Data Security officer shall be responsible for evaluating the data classification schemes and reconciling it with new data types as they enter usage. It may be necessary, as we enter new business endeavors, to develop additional data classifications.
All data found in the processing environment must shall into one of the following categories:
-
Company Data (Public)- Public company data is defined as data that any entity either internal or external to kunalitservices.com can access. The disclosure, use or destruction of company data will have limited or no adverse affects on kunalitservices.com or carry any significant liability. (Examples of Public company data include readily available news, stock quotes, or sporting information.)
-
Proprietary Company Data - Proprietary company data is any information that derives its economic value from not being publicly disclosed. It includes information that kunalitservices.com is under legal or contractual obligation to protect. The value of proprietary company information to kunalitservices.com would be destroyed or diminished if such information were disclosed to others. Most kunalitservices.com sensitive information should fall into this category. Proprietary company information may be copied and distributed within kunalitservices.com only to authorized users. Proprietary company information disclosed to authorized external users must be done so under a non-disclosure agreement.
-
Confidential Company Data - Confidential Company Data is information which is not to be publicly disclosed in any manner, regardless of its economic value. The disclosure, use, or destruction of Confidential Company Data can have adverse affects on kunalitservices.com and possibly carry significant civil, fiscal, or criminal liability. This designation is used less frequently. It is used for highly sensitive information whose access is restricted to selected, authorized employees only. The recipients of confidential information have an obligation not to reveal/share/distribute the contents to another individual unless that person has a valid need to know for the information under appropriate authorization, and verification only. Company’s confidential information must not be copied without authorization from the identified owner.
-
Confidential Customer Data - Confidential customer data is defined as data that only authorized internal kunalitservices.com entities or specific authorized external entities can access. The disclosure, use, or destruction of confidential customer data can have adverse affects on kunalitservices.com and their relationship with their customers, and possibly carry significant liability for both. Confidential customer data is entrusted to and may transit or is stored by kunalitservices.com over which they have custodial responsibility but do not possess ownership.
-
Public Customer Data - Public customer data is defined as the data that any entity either internal or external to kunalitservices.com can have access to. The disclosure, use, or destruction of Public customer data will have limited or no adverse affects on kunalitservices.com or the customer, and carry no significant liability. Public customer data is entrusted to, and may transit or be stored by kunalitservices.com over which they have custodial responsibility but do not possess ownership.
10. Asset Management
WE MAINTAIN ELECTRONIC RECORDS FOR IDENTIFICATION, CLASSIFICATION, RETENTION AND DISPOSAL OF ASSETS. THE OWNER OF SUCH A RECORD IS THE INFORMATION SECURITY OFFICER. IT IS THE RESPONSIBILITY OF THE INFORMATION SECURITY OFFICER TO ENSURE ACCURATE, TIMELY AND PERIODIC REVISION OF THE ASSET MANAGEMENT RECORDS. COMPANY-ISSUED DEVICES ARE EQUIPPED WITH HARD DISK ENCRYPTION AND UP-TO-DATE ANTIVIRUS SOFTWARE. ONLY COMPANY-ISSUED DEVICES ARE PERMITTED TO ACCESS CORPORATE AND PRODUCTION NETWORKS.
11. Product Development
OUR DEVELOPMENT TEAM EMPLOYS SECURE CODING TECHNIQUES AND BEST PRACTICES. OUR DEVELOPERS ARE FORMALLY TRAINED IN SECURE WEB APPLICATION DEVELOPMENT PRACTICES UPON HIRE AND AT LEAST ONCE EVERY SIX MONTHS.
12. Information Security Incident Response Management
WE MAINTAIN SECURITY INCIDENT RESPONSE POLICIES AND PROCEDURES COVERING THE INITIAL RESPONSE, INVESTIGATION, PUBLIC COMMUNICATION, AND REMEDIATION. THESE POLICIES ARE REVIEWED REGULARLY AND TESTED BI-ANNUALLY.
13. Notification of Breach
DESPITE ALL THE BEST EFFORTS, NO METHOD OF TRANSMISSION OVER THE INTERNET, OR METHOD OF ELECTRONIC STORAGE, IS PERFECTLY SECURE. THEREFORE, WE CANNOT GUARANTEE ABSOLUTE SECURITY. HOWEVER, IF WE LEARN OF A SECURITY BREACH, WE WILL NOTIFY AFFECTED USERS SO THAT THEY CAN TAKE APPROPRIATE PROTECTIVE STEPS. WE ARE COMMITTED TO KEEPING OUR CUSTOMERS FULLY INFORMED OF ANY MATTERS RELEVANT TO THE SECURITY OF THEIR ACCOUNT AND TO PROVIDING CUSTOMERS ALL INFORMATION NECESSARY FOR THEM TO MEET THEIR OWN REGULATORY REPORTING OBLIGATIONS.
14. Business Continuity
OUR DATABASES ARE BACKED UP ON A REGULAR BASIS AND ARE VERIFIED REGULARLY. BACKUPS ARE ENCRYPTED AND STORED WITHIN THE PRODUCTION ENVIRONMENT TO PRESERVE THEIR CONFIDENTIALITY AND INTEGRITY AND ARE TESTED REGULARLY TO ENSURE AVAILABILITY.
15. Customer Responsibilities
KEEPING YOUR DATA SECURE ALSO REQUIRES THAT USER MAINTAINS THE SECURITY OF HIS ACCOUNT BY USING SUFFICIENTLY COMPLICATED PASSWORDS AND STORING THEM SAFELY. YOU SHOULD ALSO ENSURE THAT YOU HAVE SUFFICIENT SECURITY ON YOUR OWN SYSTEMS.
16. Logging and Monitoring
OUR SYSTEMS LOG INFORMATION TO A CENTRALLY MANAGED LOG REPOSITORY FOR TROUBLESHOOTING, SECURITY REVIEWS, AND ANALYSIS BY AUTHORIZED PERSONNEL. WE WILL PROVIDE USERS WITH REASONABLE ASSISTANCE IN THE EVENT OF A SECURITY INCIDENT IMPACTING THEIR ACCOUNT.
17. Contact
IN CASE OF ANY QUERIES THAT YOU MAY HAVE PLEASE REACH TO US AT info@kunalitservices.com.