Data Security and Confidentiality
Offshore outsourcing has taken on a larger role in international business in recent years. As the number of processes being offshored increases, so do the amount and sensitivity of the data being shared. As a result, corporations and people doing trans-border business are increasingly worried about the security and confidentiality of their data at their counterparts' end. The transformation of sensitive information from an abstract concept into a concrete form has made a strategy necessary. This global strategy needs the necessary ingredients to protect the security and confidentiality of data on every front, including at allied third parties.
Moving in this direction, we at Manthan have identified the need for an advanced and effective Data Security and Confidentiality (DSC) system in our organization. This system is envisaged to cover all forms of data/information security rights recognized statutorily or otherwise. As Manthan does business with corporations and multinational entities, it is important for Manthan to make a positional statement on data security and confidentiality.
In a nutshell, this system tries to achieve the following:
- An anti-process against unauthorized interference with normal business operations
- A device for smooth and legitimate business
- Procuring protection of all information of Manthan and its Allies
Our Data Security & Confidentiality Policy is designed to cover all aspects of data security at the company and operations level. The policy covers both physical and data security measures taken by Manthan Legal.
Physical Security
Manthan maintains a paperless office and has taken steps towards safeguarding any documents or data being taken out of Manthan premises. The measures include:
- Controlled and secure access (24x7) to operations floor
- Authorized access to data center
- Employees are not allowed to take any handbags/notebooks inside the premises
IT systems security
Our IT systems are designed for complete data security and comply with all major data security and confidentiality laws and guidelines. The measures taken include:
- VPN support
- Encryption using firewall for data transfer
- Data backup on servers and media (magnetic tapes/CDs)
- No local caching of reports
- Password authentication
- Last login information
- Anti-virus programs
- Restricted internet access
- "Chinese Wall" between Internet and data transfer & storage
Our efforts towards uninterrupted work include:
- Uninterruptible power supply (UPS) measures
- Own power generators (primary and backup)
- Separate battery-based UPS for workstations and server
Other process specific measures can be implemented to assure complete security.
Manthan's physical security measures are designed to protect Manthan from any act that can cause loss or harm to the employees, IT systems, data or intellectual property of Manthan or its customers/allies. The systems protect Manthan against any possible damage from acts of theft, fire, destruction etc.
The measures include:
Controlled and secure access (24x7) to operations floor
Each person must register and report to the security desk before entering the operations area. Visitors and other people are allowed in the operations area only if accompanied by a senior manager and after taking due permission from the security desk. A log of each person entering or leaving the operations floor is maintained 24x7.
Authorized access to data center
Access to sensitive places like the data center is strictly monitored, and only authorized personnel such as the database administrator have access to the center.
Carrying Handbags/Notebooks not allowed
Employees are instructed to deposit any handbags/notebooks at security and are not allowed to carry them inside the premises. For processes involving sensitive information like credit card numbers, bank account numbers and personal records, the rules are strictly adhered to and implemented.
Movement of IT hardware
Our center is bonded, i.e. movement of hardware and media is strictly regulated by the Software Technology Park Authority, a national government body. Requisite permissions and log files ensure tracking of all hardware equipment and storage media.
Round-the-clock security
24-hour security of the building and our premises ensures protection against thefts. Our premises conform to all fire safety standards set by State laws.
The concept of offshoring and BPO has arisen due to advances in IT systems, yet these systems are the most vulnerable and need to be protected to ensure smooth operations. Manthan has taken adequate security measures to safeguard both Manthan's and the customer's interest. The data security measures taken by Manthan are briefly listed below:
VPN Support
Manthan encourages the use of a VPN connection with its clients. This enables the Manthan team to work remotely on the client's systems, minimizing the need for file transfer to Manthan servers and thereby minimizing security issues.
Encryption using firewall for data transfer
Data transfer is carried out through firewalls: data is encrypted at source, travels through the VPN and is then decrypted at destination. The corporate firewall of Manthan is a dedicated system sitting between our private network and the Internet.
The firewall runs RedHat Linux-7.1 with kernel 2.4 and uses Netfilter (IPTables) and network address translation facilities. The default policy for traffic from the external world to the internal network is "DENY". This safeguards data from being accessed by external systems.
Password authentication
User identification with a password is required for using a desktop computer and all network resources. A desktop computer is assigned to every employee, with separate logins for each user. The ISD administers the software installed on each desktop and on the networks. Monthly password change is enforced, and periodic audits of user accounts are carried out. Employees who are given corporate email identities for maintaining customer contact follow guidelines for email usage, which is monitored. Detailed logs are created for all desktops and servers.
Data Backup
Frequent data backups are made on the server and writeable media like CDs or magnetic tapes. The frequency of updates is process-dependent. Local caching of reports on desktops is strictly forbidden.
A policy for data security defines the procedure, frequency, and scheduling of backups. Integrated backup management software facilitates this process. The backups are logged and stored in a fireproof cabinet, and one backup is stored at an offsite location.
Virus Protection
All desktops and servers are scanned for viruses daily. Software from external sources is scanned before use. This includes Internet mail too, which is scanned by the e-mail gateway.
"Chinese Wall" between Internet and data transfer & storage
Separate desktops are allotted for Internet access to prevent any data transmission outside Manthan Legal systems. We also use separate servers for Internet usage and data transfer & storage for additional security.
Administrator Access
Administrator-level access to all servers and firewalls is provided exclusively to the system administrator, and only through the system console. Dialup users are not allowed such access. Other controls for such access include two-level authentication, timed log-outs based on inactivity, log-in freeze after multiple log-in failures, and restrictions on simultaneous sessions. Daily audits of the system log help detect unauthorized use, if any. Remote access to the Manthan network is restricted to a very limited set of users. Firewalls are kept in physically secure locations. The IS department effects changes to the firewall configuration, for example to add a new service, not required from the console.
Data confidentiality with Vendors
All technology and services vendors to Manthan are subject to an agreement to ensure that they do not pose any threat to network and systems security. The users are also made aware of the importance of systems and network security. A confidentiality agreement is part of each contract that Manthan signs with its vendors for protection of client information.
Audits
Organization-wide audits of IT systems and data security are carried out every quarter. Additionally, process/project-specific audits are done monthly to ensure conformance to data security commitments.
Additional security measures are taken on request of the client and are dependent on needs of the project in question.