Security


Mukesh Kulal

2023-12-13 18:33:57


ERP software contains huge amounts of confidential or sensitive data that is critical to the organization.

 

Elements of our data security:

Confidentiality: Data is accessed only by authorized individuals.

Integrity: Data available is accurate and precise.

Availability: Data should be available all the time.

 

User Authentication:

  1. Company Code
  2. Login
  3. Password should contain: (1) Minimum 8 characters (2) A special character (3) An uppercase letter (4) A lowercase letter (5) A number
  4. Mobile OTP
  5. Email OTP
  6. Face Recognition
  7. Unique session ID per user per session
  8. Maximum 3 attempts to login per minute

 

Data Security

  1. Data is protected by 256-bit SSL encryption, which encrypts data transferred to and from the server
  2. Encryption algorithm: SHA256
  3. Encryption at rest for password-related information

 

Data Center Security

  1. Data centers are located in highly secure zones under strict surveillance.
  2. Access to the servers is restricted to authorized personnel.
  3. Sensors, such as those for fire detection, continuously monitor for any untoward incidents, in compliance with international standards.
  4. Powered by two separate power supplies in case of outages.

 

Server Security

  1. Direct access to both application servers and database servers is controlled and limited to authorized personnel. 

  2. Servers are protected by anti-DDoS protection. It provides services with round-the-clock protection against all types of DDoS attack, without any limitations in terms of volume or duration.

  3. ISO certification by external auditors. Click here to view the report.

  4. VAPT (Vulnerability Assessment and Penetration Testing) certification by external auditors. Click here to view the report.

  5. HSTS enabled

  6. All fields are restricted to maximum lengths by default (text type: 1000 chars, textarea type: 10000 chars, date: 21 chars, time: 17 chars); these limits can be modified through a change request.

  7. Click here to see the live report on server security

  8. The system accepts files of the following attachment types only: png, jpg, gif, pdf, rar, ppt, pptx, docx, doc, xls, xlsx, jpeg, csv, json, eml, msg, mp4, webm

  9. The system does not accept files with a double extension or with more than one dot (.) in the file name.
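
Items 8 and 9 above, as an added Python example that is not the vendor's code. The function name, the rejection of path separators and NUL bytes, and the leading-byte check for a few image and PDF types are assumptions that go beyond what the page states; the sample inputs are constructed.

```python
# Allowlist copied from item 8 of the list above.
ALLOWED_EXTENSIONS = frozenset({
    "png", "jpg", "gif", "pdf", "rar", "ppt", "pptx", "docx", "doc",
    "xls", "xlsx", "jpeg", "csv", "json", "eml", "msg", "mp4", "webm",
})

# Added beyond the page: leading bytes for a few allowed types, so a renamed
# file is caught. Types without an entry get the name check only.
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}


def check_upload(filename, head=None):
    """Return (accepted, reason). `head` is the first bytes of the file, if read."""
    # Assumption: the name must be a bare file name, never a path.
    if not filename or "\x00" in filename or "/" in filename or "\\" in filename:
        return False, "invalid file name"
    # Item 9: exactly one dot, so "invoice.php.pdf" and "a..pdf" are refused.
    if filename.count(".") != 1:
        return False, "name must contain exactly one dot"
    stem, ext = filename.split(".")
    if not stem:
        return False, "missing base name"  # e.g. ".pdf"
    ext = ext.lower()  # compare case-insensitively: "photo.PNG" is a png
    # Item 8: the extension must be on the allowlist.
    if ext not in ALLOWED_EXTENSIONS:
        return False, "extension not allowed"
    signatures = SIGNATURES.get(ext)
    if head is not None and signatures and not head.startswith(signatures):
        return False, "content does not match extension"
    return True, "ok"


# Constructed sample uploads: (file name, first bytes of the content).
SAMPLES = [
    ("report.pdf", b"%PDF-1.7\n"),
    ("invoice.php.pdf", b"%PDF-1.7\n"),
    ("logo.png", b"<?php echo 1;"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(name, check_upload(name, head))
```
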

 

Frequently Asked Questions (FAQs)

  • Q. The system must provide an end-to-end security solution which protects the ERP application, services, data and the infrastructure from any external attack or hacking.

A. This is taken care of by allowing only selected IPs for SSH access. No other ports are open from outside except 443 for the web application.

  • Q. Using firewalls and intrusion detection systems, such attacks and theft should be controlled and well supported (and implemented) with the security policy.

A. Firewall and anti-DDoS protections are enabled on the servers.

  • Q. The security implementation shall cover all three layers, namely physical, network and transport layers.

A. This is achieved by using SSL and TLS.

  • Q. Data exchange between the ERP application and the POS application must be secure.

A. All data transfer to and from the ERP application uses SSL.

  • Q. Customers must have complete control and ownership of all related data. No data should be taken out of the system without the necessary approval of the customer.

A. Yes. For this we have an NDA in place. The customer must state in writing if they wish to take the data out of the system.