Data Security | Security, IT and Infrastructure

Global Standards of Information Security and Data Protection

ISO 9001:2015

We are an ISO 9001:2015 certified company. The ISO 9001:2015 is the international standard for quality management system. This certification ensures that we meet the required standards for customer focus, leadership, people engagement, process driven approach, process improvement, evidence-based decision making and relationship management in all our core functions.

ISO 27001:2022

We are an ISO 27001:2022 certified company. The ISO 27001:2022 is the international standard for ISMS – Information Security Management System. This certification ensures that we meet the required standards for information security policies, physical security, environmental security, asset management, compliances and a host of other standards that we use to establish, implement, maintain and continually improve the information security management system.

Security Measures

Our security standards and protocols ensure that we can mitigate security threats and vulnerabilities

Best-in-class infrastructure deployment

Industry best standards of security

Continuous review and improvement

Physical Infrastructure

We adhere to some of the most rigorous infrastructure procedures to ensure utmost security

Dedicated Infrastructure

Fixed office and workstation for every employee

Access Control Systems

Designation-based employee access to each office floor

Video Surveillance

24/7 surveillance by CCTV cameras

Mobile Phone Restriction

No cell phones allowed on the floor

Restriction on Printing of Documents

Team leads and higher ranks have printer access

Fire Safety

Necessary fire safety equipment in place

Latest configuration in desktops and other IT assets
Upgradation of computers and other equipment every 3-4 years
100% uptime via dual leased line internet connections
Multiple backup systems through UPS (Uninterrupted Power Supply) and diesel generators
CloudPBX (Ring Central) for phone communication
24/7 IT support and helpdesk management system
Communication software like Remote PC, Zoom, Go to Meeting, Microsoft Teams etc.
Taxation software like Drake, ProFx, Pro Series, Lacerte etc.
Accounting software like QuickBooks Desktop, QuickBooks Online, XERO, SageIntacct etc.

Security Control Policies

SSL VPN for employees who work from home

Firewall with content filter and website filter

Firewall with content and website filters

Password protected systems

Group email ID by client

Folder access rights to client specific teams

Secure internet browser through anti-virus & firewall

Secure internet browser through anti-virus and firewall

Whitelist domain – only authorized person can send email(s)

No USB access or cell phone access

No access to office Wi-Fi on private cell phone

Access to Client’s Data and Server

Access to client’s server in secured environment through VPN / secured RDP / Citrix

Access to client’s data only to the users working on client’s account

User rights are defined based on their designation

Password protected accounting system

Role-based accounting system rights

Access to dedicated group e-mail ID, fax number or secured FTP to share documents

Data Security Measures

Strong Passwords

Strong password protocol through combination of capitals, lower-case letters, numbers and special characters

Tough Firewall

Network protection via stringent firewall configuration that filters incoming and outgoing internet traffic

Anti-virus Protection

Anti-virus and anti-malware enabled company data protection. It neutralizes viruses, adware, worms, trojans and so on

Regular Updates

All computers are regularly patched and updated by a central server

Secure Every Device

Disk level data encryption and password restricted user access in all company devices

Scheduled Backups

Rigorous implementation of pre-scheduled data backup sessions

Knowledge Transition on Data Security

Regular employee trainings to increase data security awareness

PABS Security Program (Policies and Procedures)

Acceptable Use Policy

This policy specifies the constraints and practices that an employee must agree in order to use organizational IT assets and access the PABS network or the internet. It is a standard onboarding policy for new employees.

Access Control Policy

This policy defines employee access with regards to PABS data and information systems. It includes access control standards and implementation guides. The policy has standards for user access, network access controls, operating system software controls and complexity of passwords.

Change Management Policy

The policy refers to the formal process to make changes in IT, software development and security services/operations.

Information Security Policy

The information security policy covers a large number of security controls. It pushes employees to be accountable and follow the rules with regards to sensitive information and IT assets.

Incident Response Policy

This policy outlines an organized approach towards incident management and offers remedies for the operations.

Remote Access Policy

This policy documents and defines acceptable methods of remotely connecting to PABS internal networks.

Email Communication Policy

The email communication policy documents the employee usage of various electronic communication mediums defined by PABS.

Disaster Recovery Policy

This policy talks about the disaster recovery plan as part of the business continuity plan. In case of a disaster, the disaster recovery policy is initiated.

Business Continuity Plan (BCP)

The BCP policy describes the operation of PABS in an emergency situation.

Security & IT Infrastructure