Data Security

Our Data Security

  • Most of the tax consulting firms are not equipped with handling clients’ data security, since it is very expensive, they all claim they have all the measures to address security breaches in place, but they generally have none of the required measures. Imagine the data threat you face with these tax companies, 30% of our revenues go for data security. Our main aim is to provide accurate tax estimations with high level of tax knowledge with extremely high levels of data security.
  • We work hard to protect our client’s data, so that they can rest assured about our data security and privacy measures. As a trusted provider, we are fanatic about learning, implementing, and sharing insights, about new developments in latest technology related to data security. We actively monitor our security systems 24/7 onsite and remotely as well to prevent any data security breaches. We deeply think about security in a 360 Degree Holistic manner that covers all aspects related to data security.

We are glad to let you know below the measures which have been implemented for the safety of our precious client’s data

We have sophisticated firewalls which have been deployed at all external network connections and our firewalls are rigidly configured with a strict policy that all services are accessdenied unless expressly permitted.

We also haveprocesscriteria to evaluate the risk of protocols/ports before implementing them on the firewalls.

Our outgoing traffic is directed through external proxy servers to minimize data risk and leakage. Realtimeloggingis enabled on all firewalls, routers, and proxy servers and we have an authenticated process in place to review the logs regularly.

Our firewall(s) and proxy server(s) are configured on a server-hardened platform, withsecured functionality (for example All unnecessary applications are removed) Access to all firewalls, routers, and proxy servers is highly restricted to only authorized people who need to manage these sensitive network devices.

Our system administrators remotely access the routers/firewalls which are securely authenticated by using one-time passwords, multi-factor authentication, or encrypted login sessions. We have a process in place to ensure ourrouters/firewalls have the latest firmware and software and are patched regularly with the latest security updates from the respective vendors.

VPN remote access has been implemented with a robust personal Firewall system in place and this VPN access to our computers is managed by cloud-basedand hardware-based firewalls.

We do have processes in place to revoke VPN authentication as soon as their project has been completed or theneed to access the VPN resources expires.

Our system development methodology addresses the information security aspect during the discovery and development phases. We do perform a security code review during each phase of software development.

We have separate isolated environments for each of our customers for the development and testing of systems.

We keep backups of business-critical data done which is done daily and have anonline mechanism to verify backups authenticity. We periodically restore information from cloud-based/ data backup tapes to ensure data integrity.

Our backup tapes are kept in an environmentally controlled and restricted area with limited access, and we do not store tapes off-site for data security reasons. We conduct regular comprehensive audits for all the backup tapes in our possession.

By proactively obtainingthe latest security patches and updates and server surface hardening techniqueswe keep our server secure regularuse ofprocesses toidentify the network, application, and OS-based systems vulnerabilities are conducted.

We use automated tools to assess system threat vulnerabilities and have methods and processes in place to simulate DDOS attacks and test server preparedness. We do have a security checklist for each OS deployed at our companyand regularly perform audits (Internal and External) against ourISO-approved security checklists.

Our system security checklists are updated on a regular basis in line with international standards Our applications have superuserprivileges for high-level admin access and use logon banners on all our systems.

A regular audit and review of all super users are conducted and revised periodically. Anti-Virus software running on all our Microsoft Platforms (Servers, Workstations. PC and Laptops) and have also rolled out Anti-Virus Software on all our email serversto prevent virus attacks.

Our Email servers are configured to check all incoming and outgoing emails for viruses, spam, Ransomware, and other malicious threats.

A strong procedure has been established sothat all the servers, user machines, and laptops are configured to automatically install the latest Anti-Virus Definition Files and updates. We do have a mechanism in place to check all FTP inbound and outbound file transfers for viruses.

Each user account is designed to prohibit concurrent access (For example User cannot be logged in from two different machines at the same time). All our user accounts are disabled on the user’s exit date from the system. Our systems disable user accounts after a period of a certain period ofinactivity.

We periodically reconcile system accounts to verify existing users through security audits. Our systems are programmed to lock user accounts after several failed logins. The use of SSO has been enabled for a single person login into all platforms & instances. Our privileged accounts which are created for emergency management are 100% audited and tracked andprivileged accountshave root or admin privileges.

Periodic disabling of all default accounts, in all our server applications (Example: Oracle’s default DBA account and Oracle’s default account, Windows default remote assistant accounts, etc) is done to enhance security.

It is Mandatory for users to change their passwords at first sign-on and we have a system of used password expiry, these passwords cannot be reused within a span of 30 days, additionally weak passwords are identified and force the user to change them before login. Regular Social engineering audits are conducted to keep our password admin systems secure to prevent hacking.

We frequently initiate security audits on ourbusiness-critical systems like adminservers and log all attempts of failed logins. We have a process in place to review security audit logs in a timely, consistent manner and act upon any threats identified during these reviews.

We have automated our alerting / notification process that is initiated when defined security thresholds are exceeded with auto triggers and usenetwork-based Intrusion Detection (IDS) products on interconnections points includingthe Internet, web-hosting platforms, 3rd party connections, etc.

Periodic network penetration studies are analysedeither using internal audits or through external consultants. Additionally,our business-critical networks have Switches, so sniffer software is ineffective against our servers. An advanced intrusion detection system on our network is frequently reviewed to ensure appropriate coverage.

Processes have been established for users to report when they have identified a potential virus on their systems and a documented Security Incident Response procedure as well. Employee training on the Security Incident Response procedure is done on a periodic basis and drills are conducted to verify the readiness of our organization to handle any security-relatedincidents.

Our comprehensive business-mandated Disaster Recovery Plans (DRPs) are active, covering any aspect of partial or full loss of Services, Critical Applications, or Physical facilities at any point of time and using disaster recovery facilitiesin a different geographical locationthat are geographically independent.

In addition to the above employees are trained on DRPs, and periodically updated every three months. All DRPs are managed by an independent qualified team which is signed off by the CIO or CTO who also analyses the business impact ofbusiness-critical applications. Additionally, regular training sessions are conducted for all relevant personnel on backup, recovery, and contingency operating procedures as required.

As an important aspect of asset security,all laptops of our business are physically secured and users are instructed to perform backups on a regular basis, on all laptops containing business and customer critical data and use industry-standard encryption techniques.

In addition to the above employees are trained on DRPs, and periodically updated every three months. All DRPs are managed by an independent qualified team which is signed off by the CIO or CTO who also analyses the business impact ofbusiness-critical applications. Additionally, regular training sessions are conducted for all relevant personnel on backup, recovery, and contingency operating procedures as required.

Great attention is paid to the physical security of our facilities, these include proper ID badges issued to all working personnel (Permanent, Contractor, Agency temporary). These are to be always displayed in our facilities. Additionally, badging lists are reviewed every two months and we have a visitor control procedure.

Our buildings are protected by fire detection/suppression systems and have intrusion detection systems with CCTVs motion detection as required and have a comprehensive maintenanceplan to keep our systems operational and smoothly functioning.

Highly qualified security agencies manall our sites keeping business and customer critical data safe 24/7 365 to prevent unauthorized entry and exit. We also conduct random inspections as needed.

All physical security breaches are logged and investigatedthoroughly and reported to the senior management for investigation and corrective action.

These areas have specificprocesses to restrict access, to computer centres onlyto authorized people as per business needs. Non-usage of external signage and external reference is done to prevent physical sabotage and we have detailed guidelines for server planning and deployment and the security policies to be followed for the same.

We employ full-time Information Security Officers, working in rotational shifts, and have roles and responsibilities for protecting our assets and implementing security measures. These havebeen explicitly defined and communicated to all the departments/groups.

We have a formal risk analysis process, which has been implemented to assist management in identifying security threatsSecurity Policies are briefedand communicated to all employees, including third-party personnel and contractors.

All employees mustformally acknowledge adherence to the Information Security Policies before onboarding and regular audits to measure compliance with the Information Security Policies are conducted.Additionally, employees must acknowledge compliance with security policies every quarter.

ISO standard audits are in place to update security policies and have strict controls to restrict unauthorized export of data from our servers• Additionally a copyright compliance policy has been communicated to all users avery strict E-mail andinternetusage policy has been implemented and we take action againstemployees who use E-mail in contradiction to the policy and have zero tolerance towards the same. An agreementmust be signed by our employees accepting compliance with the internet policy.

Our employees have been instructed to challenge strangers or unescorted visitors in non-public areas and do periodic spot-checks of our users’ workspaces to monitor compliance with the InformationSecurity protection program.

We have a clear desk policy.

We have a formal, ongoing Security training program to identify and avoid ‘social engineering attacks as well as competitive intelligence probes.

We educateour users on how to report suspected security violations or vulnerabilities and send regular bulletins to our employees, alerting them to risks and vulnerabilities involved in computing, including basic tasks such as backup, anti-virus scanning, and choosing strong passwords. IT Security is emphasized through signage throughout the premises, and we strictly prohibit transmission of corporate data ontopersonal systems and give awareness to our employees about the legalities involved in using the software and related data.

Through a thorough process of recruitment, all workers (including contractors &third-party personnel) are subjected to history and background checks Like Reference checks, and criminal record checks.

Our Human Resources (HR) department regularly provides thesystem administration team with a list of workers who are Exiting or transferred within the company. A No dues policy is mandatory before employee exit release is given.All assets including Company property (badges, company credit cards etc). (b) Tools of the jobs (laptops, mobile phones, remote dial-in access cards, modems etc.) are accounted for and checked by the concerned team.

We strictly follow the emergency program for immediate removal of an employee’s system access when the departing employee is identified as a disgruntled or high risk.

We have up-and-runningaccess/exit controls employed in our facility.

When our employees leave, we (1) check to see if they have sponsored accounts or badges for guests.(2) We question them on continued need, and (3) Assign new sponsors.

We have detailedchange control procedures to manage all modifications to the development environment (software, hardware, networks). We regularly upgrade and perform change control.

Our Physical Security (Example: power control, locks, entrance cards) is also an essential part of our change control process. We have a documented procedure for performing emergency changes outside the change control process as required.

Refer Your Friend

You don’t just get great benefits from Grand tax filers alone, just refer your friends today to and win a host of prizes, including Apple iPad, Iphone MacBook and $1000 in hard cash. Just click on the refer button below to send an email now.

Our Referral Prizes

Refer a friend and get a chance to win IPAD, IPHONE, MAC BOOK and cash $1000

Card image cap
Chance to win $1000

for 2 Referrals

Card image cap
Chance to win IPad

for 2-5 Referrals

Card image cap
Chance to win IPhone

for 5-10 Referrals

Card image cap
Chance to win Mac Book

for 10+ Referrals