Information Security & Privacy

Your data is safe with us

At Elemetrik, we take security of your data very seriously. Many of our customers come from the most highly regulated & security-sensitive industries in the world, having a wide variety of security & privacy needs. With this in mind, security is of utmost importance to us. We are ISO 27001:2013 certified & we understand the importance and sensitivity of client & employee data and are committed to ensuring that high information security & privacy standards are maintained at all times. Take a glimpse of Elemetrik’s security measures mentioned below.

ISO 27001:2013 Certified

We are ISO 27001:2013 certified, a globally recognized, standards-based approach to information security management. All standards & regulations are validated by independent third-party audits. All ISMS policies are implemented & available at request.

Our information security & privacy team conducts risk assessments & prepares risk treatment plans to mitigate any identified risks, this aids us continuously improve our security controls.

GDPR Compliant

Given the space we are in, it is necessary for companies leveraging our products to collect, store & share the personal data of clients & their candidates/employees. We aim to ensure that private individuals’ data is processed transparently & only for the specific purposes for which data is collected.

We have taken technical & organizational measures to ensure the processing of any personal data meets the requirements of applicable data protection law. When building new product features, we apply “privacy by design” principles to enhance the privacy readiness of our product.

Data Encryption

Data-in-transit is protected by the implementation of TLS protocol to encrypt & transfer data between the server & browser. We use SSL certificate TLS 1.2, TLS 1.3 & data is transmitted over HTTPS.
All sensitive data is encrypted using AES 256 algorithm, the common name for the Advanced Encryption Standard (AES) block cipher, & stored in the database.

AWS KMS (Key Management Service) is used to encrypt data within applications & control the encryption of stored data.
Login credentials are encrypted using hashing technique & stored in the database.
Active Directory authentication can be availed upon client’s request.

Data Backup

Elemetrik databases & servers are hosted on AWS (Amazon Web Services). It provides efficient & re-sizable capacity with high availability & easy scalability. Data is backed up regularly & all backup are verified to ensure that it is restorable on monthly basis.

We offers AWS based following backup mechanisms:

Automated backup: This functionality automatically performs a full daily snapshot of a database’s data.
Point-in-Time snapshots: RDS database snapshots are user initiated. Unlike automated backup, which is performed once a day, point-in-time snapshots can be performed as many times as desired.

Data Center & Environmental Security

Elemetrik application & servers are hosted on AWS (Amazon Web Services) environment in Ireland & USA.

To access AWS the accounts MFA is enabled on the devices of authorized DevOps & root account access is strictly restricted. For logging & monitoring of activities, cloud trail & CloudWatch features in AWS are used in all regions to maintain history of AWS API calls for an account. AWS assures 99.999% of availability for our hosting infrastructure. In the event of any network/hardware failure, we can easily setup the application in a different region & bring back the services quickly. All our services are continuously monitored by ELK stack, Check MK and site 24×7. In case of any interruption in the services, our production support team is alerted & the problem is attended to immediately, thereby ensuring best possible up time.

Network Security

Security, within our cloud server, is provided on multiple levels: the operating system (OS) of the host platform, a firewall, & SSL/TLS signed security HTTPS request calls. Each of these items build on the capabilities of each other.

The goal is to prevent the data contained within the server from being intercepted by unauthorized systems or users & to make the network & cloud environment as secure as possible. We also use Trend Micro’s IPS & IDS.

Development Process

Our development & QA teams are trained regularly on web application security threats & ways to avoid the same. We conduct regular VAPT for our applications based on OWASP principles. Application & network level securities are put in place to protect the software against security issues such as:

Distributed Denial of Service (DDoS) Attacks
Man in the Middle (MITM) Attacks
IP Spoofing
Port Scanning
Packet sniffing by other clients

End-point Protection Controls

Endpoint controls including restricted internet access at network and system level are implemented. We secure our network parameter, end-points & implemented policies by using following solutions:

Endpoints are protected by Antivirus/Antimalware solutions. We uses Bitdefender/ Windows defender as official & formally accepted software application to defend against malware of any kind
UTM (Firewall, IPS/IDS and content Filtering) is installed

Domain Controller/AD policies for access restrictions, USB disable, system admin rights are used
All connections are secured using VPN with mandatory tunnel mode