While there are enhanced regulatory requirements globally for the investment managers regarding Cyber-security measures, we understand and take customer’s data security very seriously. The CommonSubDoc infrastructure is protected by firewall and access to servers is restricted. Any PII or user authentication related data is encrypted within Database. Access to the database is only restricted to application server IP address. Along with this we are doing intrusion protection and blacklists IP address which perpetuates DDoS attack. We have anti-virus and anti-malware strategy by installing software and segregating Prod and non-prod network. We are also using AWS security groups and IAM to protect our environment further.
Along with this, we have Disaster Recovery site parallelly running in a different location from our primary data center. Disaster Recovery site is regularly tested by our IT and Business group. Various other backup and data and server redundancy strategies are in place to recover from any unforeseen situations like full loss of primary servers or partial loss of any server.
We also have various Proactive strategies to handle scaling of the server if CPU, memory or any other resource goes beyond the certain point. There is constant monitoring of alerts coming out of AWS, or our firewall and process are in place to handle alerts.
Our application security infrastructure has been evaluated by an external party, and the application has also been audited by independent auditors for SOC 2 certification.