The confidentiality of your project is of utmost importance to us. At ST Websoft, we take adequate measures (in terms of physical security, data security, etc.) to provide a secured development environment. We consider project & data confidentiality as a critical element for maintaining a long-term relationship with our clients. We are committed to protect the client IP throughout the project execution cycle.
To ensure the security and confidentiality of information, a Non-Disclosure Agreement (NDA) is executed with each client and all private information is respected. Our NDA clearly explains:
- What type of information/data will be collected from client?
- Purpose of collecting the information/data
- How it will be used
- What measures will be taken to ensure security?
- With whom it may be disclosed / shared – for legal and security issues, etc.
- Levels of Risk (data loss, unauthorized alteration, etc.)
Non-Disclosure Agreement (NDAs) with Employees
- At the time of joining, all employees are required to sign a proprietary information and inventions agreement. Individual NDAs are also signed with every employee on joining.
- Employees cannot disclose any proprietary information directly or indirectly to anyone outside the project team or company, or use, copy, publish, summarize or remove such information from the company premises.
- Employees cannot use any unfair competitive practices upon termination of employment or engage in any business during employment.
- Any confidential information received from third parties and clients are held in strictest confidence and employees are not allowed to disclose or use it
Project-related IP Protection
- Dedicated resources made available for all projects. This prevents unauthorized usage of resources and protects all proprietary information of our clients.
- We have a strong ethical framework that forbids exchange of IP between projects.
- Every team dedicated to a particular client can have its own secure physical location and its own segment of the LAN.
- Firewalls are installed on our servers to ensure that access is restricted to users within the development center.
- Users are authenticated before being given access.
- Regular virus scans are performed to detect and eliminate virus threats.
- Regular software updates and security patches, offered by the software vendors, are installed.
- Detailed log files are maintained which enable effective monitoring and tracking of usage.
- Access to public email systems is disallowed and floppy and CD disk drives/writers are disabled on all desktops. Prior written permission of the Project Manager is required for usage of respective drives.
- Audits are being done on developer’s machine to ensure the security level
- Multiple storage media (such as drives, back-up servers, etc.) are used to back-up data. Backups are taken at regular intervals to ensure that the latest data is always available.
- Valid IP access: The access to the administrator interface of a web application is restricted to specific IP addresses. This prevents unauthorized users from accessing the application.
- Encrypted Data: We make sure that all sensitive data is stored in encrypted format into the database.
Physical and Other Security Measures
- Our development center is fully protected externally and internally with secure and restricted access to all sensitive resources. Every employee is provided with an Identification card.
- Security staff monitors the facility around the clock and checks the goods going inside and coming out of the development center.
- Our strict staff selection and personnel policies allow us to build stable and highly professional working teams for both offshore and on-site software development projects and ensure non-disclosure.
- We perform background checks on each individual we hire.
- Other security measures in the form of fire alarms, fire hydrants, sprinkler systems are provided within our development center.