Data & Information Security Policy
At Shridhar InfoSec Solutions, protecting information is fundamental to who we are. This Data & Information Security Policy describes the principles, controls and commitments we uphold to safeguard the confidentiality, integrity and availability of the information we handle — including the data our clients entrust to us.
01. Purpose & Scope
This Data & Information Security Policy sets out how Shridhar InfoSec Solutions ('SIS') protects the confidentiality, integrity and availability of information — both our own and that entrusted to us by our clients. It applies to all employees, contractors, systems, applications and data assets across the organisation.
02. Our Security Commitment
As a cybersecurity and GRC firm, security is not just a service we provide — it is a principle we live by internally. We are committed to safeguarding information against unauthorised access, disclosure, modification, loss or misuse, and to continuously strengthening our security posture in line with evolving threats and industry best practices.
03. Governance & Framework
Our information security programme is built on recognised standards and frameworks and is aligned with the regulatory expectations of the sectors we serve. It draws on ISO/IEC 27001 for information security management and risk-based controls, and on SOC 2 principles for the security, availability and confidentiality of client data. Where applicable, it is also aligned with the requirements of the RBI, SEBI, IRDAI and data-protection regulations such as the DPDPA and GDPR. Clear roles, responsibilities and accountability for security are defined across the organisation.
04. Data Classification & Handling
Information is classified according to its sensitivity, and handled with controls appropriate to its classification. Confidential and client data is subject to the strictest protection, and is only accessed, stored, transmitted and disposed of through approved, secure methods.
05. Access Control
We enforce the principle of least privilege — individuals are granted only the access necessary to perform their roles. Access to sensitive systems and data is protected through strong authentication, multi-factor authentication where appropriate, and regular access reviews. Access is promptly revoked when no longer required.
06. Encryption & Technical Safeguards
We apply strong technical controls to protect information. Sensitive data is encrypted in transit and, where appropriate, at rest. We maintain secure network architecture, firewalls and endpoint protection, and we harden configurations and apply timely patching across our systems and applications. Our development follows secure coding practices with code review to reduce the risk of vulnerabilities being introduced.
07. Threat & Vulnerability Management
We proactively identify and remediate weaknesses through vulnerability assessments, penetration testing and continuous monitoring. Findings are prioritised by risk and addressed through a structured remediation process, reflecting the same rigour we bring to our clients' environments.
08. Incident Response
We maintain a defined incident response process to detect, contain, investigate and recover from security incidents. In the event of a data breach affecting personal information, we act promptly to mitigate impact and notify affected parties and regulators as required by law.
09. People & Awareness
Our people are a critical line of defence. All employees are bound by confidentiality obligations and receive regular security awareness training covering phishing, safe data handling, password hygiene and their responsibilities under this policy.
10. Third-Party & Vendor Security
We assess the security posture of third-party providers and partners who may access or process information on our behalf, and require them to maintain appropriate safeguards and confidentiality commitments.
11. Business Continuity & Backup
We maintain backup and recovery measures and business continuity arrangements designed to ensure the availability of critical information and services, and to enable timely recovery in the event of disruption.
12. Continuous Improvement
Information security is an ongoing commitment. We regularly review and improve our controls, policies and practices through internal audits, risk assessments and lessons learned, adapting to new threats, technologies and regulatory changes.
For any questions regarding this data & information security policy, please contact us at info@shridharinfosec.com or call +91 932-866-7642. Shridhar InfoSec Solutions, B-338, Emerald One, Jetalpur Road, Vadodara, Gujarat, India - 390007.