Whenever businesses opt for services like accounting, bookkeeping, payroll or taxation, a lot of sensitive data needs to be shared with the service provider. At Initor, we handle such data with extreme caution and ensure complete security and confidentiality of client data.
Data privacy and data protection of our clients is of utmost importance for us. To accomplish this we meet all the standards of GDPR and we are a certified GDPR compliant company. We have extremely stringent policies for data security and confidentiality.
We also have ISO 27001-2013 certification for maintaining the most standard Quality Measures for Information Security.
Certified GDPR Compliance
As a GDPR compliant company, we have defined robust IT and Infrastructure policies to implement physical as well as IT related aspects of data security.
We have closed circuit cameras installed in our premises for 100% surveillance of our work place.
The entrance of our workplace has an access control system which permits only controlled entry into the production areas.
The access to our server room is controlled and restricted. Only the IT team is authorized to enter the server room. The entry/exit is managed by authorized access cards only.
None of our workstations have CD R/W drives.
We strictly follow the “No External Device” rule due to which we have disabled the USB ports at all workstations.
We ensure complete protection of the Document storage area.
Our company is a mobile free zone and it is compulsory for all employees to keep their mobile phones outside the work zone.
All workstations are installed with the latest anti-virus software which checks for updates daily. We have a daily quick scan scheduled for each workstation. Boot scan and full scan of each workstation is scheduled for a weekly and monthly basis respectively.
We have anti-malware software on all computers which does a quick scan twice a day.
Default windows firewall software is configured to protect access to company’s network.
Every machine is password protected. It is mandatory for each user to change the password of his/her machine every 42 days.
The access to client information is highly restricted. Some authorized users may have access to selective information of the clients they are working for.
We have different account management policies like deactivation of accounts after separation of affiliation. The account access requirements are reviewed regularly for changes.
We have implemented session controls on all the workstations for additional security. If any workstation is unattended for 5 minutes, the server is configured to automatically lock the workstation. It then requires re-authentication to unlock again.
We have multiple backup operations scheduled to prevent the loss of data like.
Previous Version Backup : Scheduled for twice a day
Differential Backup : Scheduled weekly
Full Backup : Scheduled Monthly
No user is allowed to access personal email accounts. The access and usage of many internet sites is also restricted and controlled.
We believe in a paperless environment because we are an eco-friendly company and additionally it ensures better security of data.
With IP authentication we restrict outsider access to confidential information within the office.
We have drafted a detailed “Data Protection Policy” in compliance to the GDPR. We consider all the data and information provided by the client as confidential and strictly the property of the client.
We have made our company a zero data breach zone with our stringent “Data Breach Policy”. As per this policy no one at Initor shall ever disclose any client information to any third party without the prior consent of the client.
Our “Data Retention and Destruction Policy” states that all raw and processed data whether in electronic format or in printouts will be destroyed once the work is over.