Security: Difference between revisions

Data Backup & Security Policy

OSSPL makes it a priority to take our users’ and clients' security, privacy and data integrity concerns seriously. We strive to ensure that data is kept securely, backed up safely to provide our services in an efficient and effective manner.

OSSPL uses robust OS technology for Internet security that is available today. In addition, cloud technology itself is designed and customized in a manner where data integrity is decentralized and stored in at-least in three separate Geo-locations with fail-over provision. However, the nature of mixed private / public content networks, such as our platform, allows for private data to be separately maintained from what is accessible to other members of the network.

This Security Statement and backup policy is aimed at being transparent about our security and integrity infrastructure and practices, to help reassure you that your data is appropriately protected.

Data Backup and Retention

General

Daily Backup: Incremental backups are performed daily within each customer's account of all the cloud data in that account. This backup forms part of the data-usage of the account.

Periodic Backups: Full Weekly and Monthly backups are taken of the entire OSSPL network, including cloud private data, and these are kept on a separate secure server.

Independent backup: We advise that you take regular backups independently and download any data that might be critical to your organization.

Accessible Data/Archive

Your Data: For an active account that is within its limits of clients, instruments and data-storage, your data will continue to be made available to you without archiving or removal.

File Restoration Methods

If you need to recover data, you will need to contact OSSPL to request your data to be restored. You can contact us at support@osspl.com. We will make every endeavor to have your data restored as soon as possible.

Backup Technologies

Cloud data, including, but not limited to, documents, images, and some user information, is stored on our in-house geo-distributed servers in India and Directi cloud storage in US. Production environments have their cloud data backed up daily.

Application and User Security

SSL/TLS Encryption: All interactions with OSSPL are done over a Secure Socket Layer (SSL) connection which protects communications by using both server authentication and data encryption. This ensures that user data in transit is safe, secure, and available only to intended recipients.

User Authentication: User data on our network is logically segregated by account-based access rules. User accounts have unique usernames and passwords that must be entered each time a user logs on. OSSPL issues a session cookie only to record encrypted authentication information for the duration of a specific session. The session cookie does not include the password of the user.

User Passwords: User application passwords have minimum complexity requirements. Passwords are individually salted and hashed.

Data Encryption: Certain sensitive user data, such as account passwords, is stored in encrypted format.

Data Portability: OSSPL enables you to export your data from our system in a variety of formats so that you can back it up or use it with other applications.

Privacy: We have a comprehensive privacy policy that provides a very transparent view of how we handle your data, including how we use your data, who we share it with, and how long we retain it.

Physical Security

Data Centers: Our primary cloud network is hosted by in-house cloud and designed using the latest technology to specifically guarantee powerful performance, reliability and security.

Redundancy: Multiple levels of redundancy have been built in to ensure consistent high performance. Production environments are…

Network Security

Security Policies: The servers are also fully compliant with the latest security policies and audit guidelines, in order to have private data stay private and protected at all times.

Security Monitoring: All servers are continuously monitored for potential security breaches with immediate warning to us in the event of a network security incident.

Payment System

Risk Free Payments: OSSPL offers payments through third party CCAvenue gateway or direct deposits.

Organizational & Administrative Security

Training: We provide technology use training for relevant clients and employees. Service Providers: We screen our service providers and bind them under TOS / contract to appropriate confidentiality obligations if they deal with any user data.

Access: Access controls to sensitive data in our databases, networks, systems and environments are set on a need-to-know / least privilege necessary basis.

Software Development Practices

Coding Practices: We use best practices and industry-standard secure coding guidelines. Our open source codes are publicly available for audit in Github and other repositories.

Handling of Security Breaches

Despite best efforts, no method of transmission over the Internet and no methods of electronic storage are perfectly secure. We cannot guarantee absolute security. However, if OSSPL learns of a security breach, we will notify affected users so that they can take appropriate protective steps. Our breach notification procedures are consistent with our obligations under the applicable jurisdiction(s), as well as any industry rules or standards that we adhere to. Notification procedures include providing email notices or posting a notice on our website if a breach occurs.

Your Responsibilities

Keeping your data secure also depends on you ensuring that you maintain the security of your account by using sufficiently complicated passwords and storing your private key information safely. You should also ensure that you have sufficient security on your own systems, to keep any data you download to your own computer away from bad actors. We require SSL communication to secure the transmission of data, but it is your responsibility to ensure that your systems are configured to use that feature appropriately.

Custom Requests

Due to the number of customers that use our service, specific security questions or custom security forms can only be addressed for customers purchasing a certain SLA plan with OSSPL. If your company has a large number of potential or existing users and is interested in exploring such arrangements, please contact your OSSPL representative.

Exclusions

For sandboxed or test server deployments, the following are excluded from the policy: Data Backup and Retention