Techkraft secures all data with encryption during storage and transmission.
Techkraft employs role-based access control (RBAC) to limit data access to only what employees need for their roles.
1.2. Logging
Techkraft uses advanced logging tools to track activities across company systems, endpoints, and infrastructure.
Logs are preserved in accordance with regulatory standards.
Automated alerts are triggered for suspicious activities, such as attempts to alter logs.
1.3. Password Security
Techkraft requires employees to use complex passwords, updated periodically.
Policies are in place to lock accounts after repeated failed login attempts, protecting against brute-force attacks.
Multi-factor authentication (MFA) is mandatory for accessing networks and APIs.
2. Application Security
2.1. Code Analysis
All software code is subject to automated testing and static analysis, with approval needed from at least two separate team members.
Updates must successfully complete automated tests prior to deployment in staging and production environments.
2.2. Credential Management
Infrastructure secrets are securely stored within Zoho Vault.
Techkraft enforces MFA for employee access to critical systems and sensitive information.
2.3. Software Development Lifecycle
Version control systems
Continuous integration processes
Automated code linting
Comprehensive end-to-end testing
Clear separation of responsibilities
2.4. Vulnerability and Patch Management
Techkraft maintains a structured process for identifying and addressing vulnerabilities, using Sophos Firewall to scan networks and infrastructure.
Systems and applications receive regular updates, with critical security patches applied and validated monthly across all servers.
2.5. Web Application Firewall
Techkraft operates a Sophos firewall to regulate incoming and outgoing traffic.
The Web Application Firewall (WAF) is continuously monitored and updated with new rules to ensure strong protection.
3. Business Continuity
3.1. Recovery Time Objective
Recovery Time Objective (RTO): Under 24 hours.
3.2. Recovery Point Objective
Recovery Point Objective (RPO): Under 24 hours.
3.3. Hosting
Techkraft relies on Amazon Web Services (AWS) and Microsoft Azure, which offer a wide range of services such as application hosting, cloud computing, and database management.
4. Corporate Security
4.1. Asset Management Practices
Techkraft keeps a detailed inventory of all corporate assets, encompassing hardware, software, and data.
Procedures are in place to monitor and restrict access to these assets.
Secure disposal methods are followed for retiring corporate assets.
4.2. Email Protection
Techkraft deploys strong defenses against email-related security risks.
Email security measures include spam filtering, content screening, and malware detection.
Employees receive training to recognize and avoid phishing attempts.
4.3. Employee Training
Staff are educated on specific security measures, including password management and MFA usage.
4.4. HR Security
Techkraft’s HR processes emphasize security and regulatory compliance.
Background checks are conducted for all new hires before granting access to IT systems.
A secure offboarding process is followed for departing employees.
4.5. Incident Response
Techkraft has a clear and structured plan for managing and resolving security incidents.
4.6. Internal Assessments
Regular internal reviews are conducted to detect and mitigate potential security weaknesses.
5. Data Privacy
5.1. Cookies
Techkraft utilizes cookies and tracking technologies to analyze activity on its services, storing select data to improve service quality.
5.2. Data Breach Notifications
Techkraft pledges to quickly inform customers of security breaches, providing detailed information to evaluate the incident’s scope.
Proactive measures are taken to contain and reduce the impact of security incidents.
6. Data Security
6.1. Access Reviews
Techkraft performs quarterly reviews of access permissions for all internal applications.
6.2. Backups Enabled
Daily data backups are conducted, with annual testing to ensure reliability.
6.3. Data Erasure
Customer data is securely deleted within 30 days following the end of a contract.
6.4. Encryption-at-rest
Data at rest is protected with AES-256 encryption at both the object and volume levels.
6.5. Encryption-in-transit
Data in transit is safeguarded using TLS 1.2 or higher protocols.
6.6. Physical Security
Microsoft Azure manages the physical security of Techkraft’s data centers with stringent measures.
7. Endpoint Security
7.1. Disk Encryption
Employee workstations are secured with full-disk encryption for added protection.
7.2. DNS Filtering
Techkraft uses network monitoring solutions to track internet traffic and block malicious activity.
7.3. Endpoint Detection and Response
Techkraft employs Trend Micro DR, with all devices connected via the Trend Micro Agent application.
8. Infrastructure
8.1. Microsoft Azure
Techkraft’s infrastructure is built on Microsoft Azure, which provides:
Security groups to manage network traffic to and from resources.
Identity and Access Management (IAM) for controlling user permissions and resource access.
Comprehensive physical security measures.
8.2. Anti-DDoS
Techkraft uses a Sophos firewall for continuous protection against volumetric DDoS attacks targeting networks or protocols.
8.3. BC/DR
Techkraft has a Business Continuity/Disaster Recovery (BC/DR) plan to ensure operations continue during disruptions.
The plan includes data backups, system replication, and failover mechanisms to alternate locations.
8.4. Infrastructure Security
A dedicated team of security professionals oversees and protects Techkraft’s infrastructure.
Security tools and technologies in use include:
Firewalls
Data encryption
Regular vulnerability scanning and patching
8.5. Separate Production Environment
Techkraft isolates critical systems in a dedicated production environment, minimizing risks by separating them from development and testing environments.