At Infoware, we are dedicated to upholding the highest standards of professionalism, integrity, and excellence in all aspects of our operations. Our policies are designed to guide our employees, partners, and stakeholders in understanding the fundamental principles that govern our organization. These policies outline our commitment to providing a safe, respectful, and inclusive environment for everyone associated with our company.
Code Security Policy
1. Policy Overview:
Infoware is committed to ensuring the security and integrity of its codebase to protect sensitive information, maintain customer trust, and comply with legal requirements. This Code Security Policy outlines the standards, procedures, and best practices to be followed by all employees, contractors, and third-party partners involved in the development, review, and deployment of code.
2. Secure Coding Standards:
2.1. All developers must adhere to secure coding practices, including but not limited to:
Input validation and output encoding to prevent injection attacks.
Authentication and authorization checks to ensure data access control.
Secure error handling to avoid exposing sensitive information.
Regularly updating dependencies and libraries to patch security vulnerabilities.
2.2. Code must be well-commented and maintain clear, understandable logic for easier review and debugging.
3. Access Control and Version Management:
3.1. Access to code repositories (e.g., Git) is restricted based on job roles and responsibilities.
Only authorized personnel should have write access to the master branch.
Branching and merging must follow the designated workflow and require code review before integration.
3.2. Two-factor authentication (2FA) must be enabled for all code repository accounts to enhance access security.
4. Third-Party Libraries and APIs:
4.1. Third-party libraries and APIs used in the codebase must be vetted for security vulnerabilities and compatibility.
Only use well-maintained, reputable libraries from trusted sources.
Regularly monitor for updates and security patches from third-party providers.
5. Data Encryption and Protection:
5.1. Sensitive data must be encrypted both at rest and in transit using industry-standard encryption algorithms.
5.2. Encryption keys and credentials must be stored securely, following best practices, and should not be hard-coded within the source code.
6. Code Reviews and Testing:
6.1. Code changes must undergo mandatory peer reviews before deployment to identify and address security flaws and coding errors.
6.2. Regular security testing, including but not limited to penetration testing and vulnerability scanning, should be conducted on the codebase.
7. Incident Response Plan:
7.1. An incident response plan must be in place to handle security breaches promptly and effectively.
Designated personnel should be responsible for coordinating incident response efforts.
Communication procedures must be established to notify affected parties and stakeholders.
8. Training and Awareness:
8.1. All developers and relevant staff members must receive regular training on secure coding practices and emerging threats.
8.2. Security awareness campaigns should be conducted periodically to reinforce the importance of code security among employees.
9. Policy Compliance and Enforcement:
9.1. Employees who violate this Code Security Policy may face disciplinary action, up to and including termination of employment.
9.2. Compliance with this policy will be regularly audited, and non-compliant behavior will be reported and addressed promptly.
10. Policy Review and Updates:
10.1. This Code Security Policy will be reviewed annually or as needed to ensure its relevance and effectiveness.
10.2. Updates to the policy will be communicated to all relevant parties, and training will be provided as necessary.
By adhering to this Code Security Policy, we contribute to the overall security posture of Infoware and fulfill our commitment to safeguarding our code, our customers, and our organization.
Last updated : 1st January, 2020
Data Security Policy
2. Information We Collect:
2.1. Client and Partner Information:
Contact information (name, email address, phone number).
Company details and job titles.
Financial information for billing purposes.
2.2. Employee Information:
Employment history and qualifications.
Financial and tax information for payroll and benefits administration.
2.3. Website Visitors:
Aggregate data on website usage patterns.
3. How We Use Your Information:
3.1. We use personal information for the following purposes:
Providing our services and fulfilling contractual obligations.
Managing client relationships and communication.
Processing payments and financial transactions.
Managing employment relationships, including payroll and benefits administration.
Improving our services and customer experience.
Complying with legal obligations.
4. Disclosure of Personal Information:
4.1. We do not sell, trade, or otherwise transfer personal information to third parties without your consent, except as described in this policy.
4.2. We may share personal information with trusted third-party service providers who assist us in operating our business and providing services to you, subject to appropriate confidentiality and security measures.
4.3. We may disclose personal information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, government agencies).
5. Data Security:
5.1. We implement appropriate technical and organizational measures to protect personal information against unauthorized access, disclosure, alteration, and destruction.
5.2. Access to personal information is restricted to employees, contractors, and agents who need access to perform their job functions.
6. Data Retention:
6.1. We retain personal information for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law.
7. Your Rights:
7.1. You have the right to access, correct, or delete your personal information. You may also have the right to restrict or object to its processing, and to data portability.
7.2. If you wish to exercise any of these rights, please contact us using the information provided in Section 9.
9. Contact Us:
6a Vardan Complex, Ahmedabad, Gujarat 380014, IN
Last Updated : 1st January, 2020
Want to Collaborate with Infoware?
At Infoware we bring you best solution for your needs. We have 16+ years of experience in software development and 3+ years of experience in e-learning platform development. Our solution ensures improvement in productivity and increment in ROI of the company. Because we know, Results matters the most.