At A C Thakrar & Associates, we recognize the importance of data security and are committed to safeguarding the confidentiality, integrity, and availability of our clients’ sensitive information. This Data Security Policy outlines the measures we have in place to protect data from unauthorized access, disclosure, alteration, or destruction. All employees, contractors, and third parties who have access to data are required to adhere to this policy.

1. Information Classification

We classify data based on its sensitivity and criticality to our business operations. The following classification levels are used:

1.1. Confidential Data: Data that, if disclosed or compromised, could cause significant harm to our clients or the firm. This includes personally identifiable information (PII), financial records, and business trade secrets.

1.2. Internal Use Data: Data that is not intended for public disclosure but does not fall into the category of confidential data. This may include internal communications, project-related information, and non-sensitive business records.

2. Data Access Controls

Access to data is granted on a need-to-know basis and in accordance with job responsibilities. We implement the following access controls:

2.1. User Authentication: Strong passwords or passphrase policies are enforced, and multi-factor authentication is implemented for systems containing confidential data.

2.2. User Authorization: Access privileges are assigned based on job roles and responsibilities. Regular reviews are conducted to ensure access is appropriate and up-to-date.

2.3. Account Lockouts: Accounts are locked after a specified number of failed login attempts to mitigate the risk of unauthorized access.

2.4. Separation of Duties: We implement appropriate separation of duties to ensure that critical operations are performed by multiple individuals to prevent unauthorized activities.

3. Data Storage and Retention

We store data in secure environments and ensure appropriate retention periods in accordance with legal and regulatory requirements. The following measures are implemented:

3.1. Physical Security: Physical access controls, such as locked rooms, secure cabinets, and surveillance systems, are in place to protect physical storage media.

3.2. Data Encryption: Data is encrypted both in transit and at rest using industry-standard encryption algorithms to protect against unauthorized access.

3.3. Data Backup: Regular backups of critical data are performed and stored in a separate secure location to facilitate data recovery in the event of system failures or disasters.

3.4. Data Disposal: When data is no longer required, it is securely disposed of using methods that prevent unauthorized retrieval. This includes physical destruction of storage media and secure erasure of digital data.

4. Network and System Security

We maintain a secure network and system infrastructure to protect data from unauthorized access and external threats. The following security measures are in place:

4.1. Firewalls and Intrusion Detection/Prevention Systems: We employ firewalls and intrusion detection/prevention systems to monitor network traffic and detect and block malicious activities.

4.2. Anti-Malware Protection: We use up-to-date anti-malware software to detect and prevent the execution of malicious code that could compromise data security.

4.3. Patch Management: We regularly apply security patches and updates to operating systems, software, and network devices to address known vulnerabilities.

4.4. Secure Configuration: Systems and applications are configured securely, following industry best practices and security guidelines.

5. Employee Awareness and Training

We promote data security awareness among employees through training and communication programs. The following practices are implemented:

5.1. Security Training: Employees receive regular training on data security policies, procedures, and best practices, including how to handle and protect confidential and sensitive data.

5.2. Security Incident Reporting: Employees are encouraged to report any suspected or actual security incidents promptly to the designated individuals or departments.

5.3. Confidentiality Agreements: Employees and contractors sign confidentiality agreements that outline their responsibilities regarding the protection of client data.

6. Third-Party Security

We ensure that third-party vendors or service providers who have access to our data meet adequate security standards. The following practices are implemented:

6.1. Vendor Due Diligence: We perform due diligence assessments on third-party vendors to evaluate their security practices and ensure they comply with our data security requirements.

6.2. Data Processing Agreements: We enter into agreements with third-party vendors that include provisions to protect the security and confidentiality of our data.

7. Incident Response and Reporting

In the event of a data security incident, we have an incident response plan in place to address the situation promptly and minimize any potential impact. The following actions are taken:

7.1. Incident Response Team: We designate a team responsible for managing and responding to data security incidents, including investigating, containing, and remediating any breaches.

7.2. Reporting and Notification: We have procedures in place to report and notify relevant stakeholders, including affected clients, regulatory authorities, and law enforcement agencies, as required by applicable laws and regulations.

8. Compliance with Laws and Regulations

We comply with all relevant data protection laws and regulations applicable to our business operations. We regularly review and update our data security practices to ensure ongoing compliance.

9. Policy Review

This Data Security Policy is reviewed periodically to ensure its effectiveness and relevance. Any necessary updates are made to reflect changes in technology, business operations, and regulatory requirements.

10. Contact Information

For any questions, concerns, or inquiries regarding this Data Security Policy, please contact us at:

A C Thakrar & Associates

317 “RK PRIME”, Next to Silver Heights,

150 FT Ring Road, Nana Mava Circle,

Rajkot-360002

Email: admin@acthakrar.co.in

 

By adhering to this Data Security Policy, we demonstrate our commitment to maintaining the confidentiality, integrity, and availability of our clients’ data and ensuring a secure environment for all stakeholders involved.