Operational Security

Logging and Monitoring

We record information gathered from services, internal network traffic, devices, and terminals as event logs. The automatically monitored logs help us identify anomalies such as unauthorized attempts to access our confidential data.

Vulnerability Management

Our vulnerability management process uses a combination of in-house & certified third-party scanning tools and automated testing to actively scan security threats. Furthermore, our security team actively reviews inbound security reports and monitors public mailing lists, blog posts, etc., to identify security incidents that might affect the company’s infrastructure. We identify a vulnerability requiring remediation and report it to an owner. The owner identifies associated risks and tracks the vulnerability. Further, it is closed using relevant controls or by patching the vulnerable systems.

Malware and Spam Protection

CloudLIMS uses Google Workspace for email and other communication & collaboration purposes. All emails & attachments are scanned and filtered for spam, malware, and phishing. We use Domain-based Message Authentication, Reporting, and Conformance (DMARC) that uses Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to verify the authenticity of messages and prevent spam. All the network traffic is routed through a firewall with strong security policies. Endpoint protection is installed on all the systems. Firewall and Endpoints are updated on a regular basis to update definitions and apply the patches.

Data Backup

We back up customer data thrice a day. Backup data is stored on the same server and also on mirror servers. We store backups and retain them for a month. We restore the data and provide secure access when a customer requests data recovery within the retention period. Data restoration time is based on its size and complexity. We schedule and track all backups regularly and a re-run is initiated in case of a failure. We also check the integrity and validity of all backups periodically. We strongly recommend that our customers schedule regular data backups by exporting the data from the respective services and storing it locally in their infrastructure.

Disaster Recovery and Business Continuity

Application data is stored on a robust storage system and is replicated across data centers. Data in the primary Data Center (DC) is replicated in the secondary center in near real-time. The secondary DC takes over when the primary DC fails. The operations are carried on smoothly with no loss of time. In addition to the redundancy of data, we have a business continuity plan for critical functions.