Information Security Policy
Last updated: June 2026
1. Objective
To protect the confidentiality, integrity, and availability of all information assets, ensuring compliance with SEBI Cyber Security Guidelines, DPDP Act 2023, and IT Act 2000.
2. Encryption Standards
Data at Rest: All Personally Identifiable Information (PII) and sensitive financial data stored in our databases is encrypted using AES-256.
Data in Transit: All data transmission occurs over TLS 1.3.
3. Access Control
We enforce strict Role-Based Access Control (RBAC) across all systems. Multi-Factor Authentication (MFA) is mandatory for all administrative and developer access. The Principle of Least Privilege (PoLP) is applied universally.
4. Infrastructure Security
Our systems are deployed on AWS within Virtual Private Clouds (VPCs) utilizing private subnets. We deploy AWS Web Application Firewalls (WAF) to protect against OWASP Top 10 vulnerabilities, DDoS attacks, and unauthorized access.
5. Incident Response
In the event of a security incident, our team follows a documented Incident Response Plan, which includes immediate containment, eradication, recovery, and reporting to CERT-In and relevant clients within regulatory timeframes.