Security Policy

Confidentiality Statement

This document contains confidential information of Digitate- A Tata Consultancy Services Venture, which is provided for the sole purpose of permitting the recipient to evaluate the information submitted herewith. In consideration of receipt of this document, the recipient agrees to maintain such information in confidence and to not reproduce or otherwise disclose this information to any person outside the group directly responsible for evaluation of its contents, except that there is no obligation to maintain the confidentiality of any information which was known to the recipient prior to receipt of such information from Tata Consultancy Services Limited, or becomes publicly known through no fault of recipient, or is received without obligation of confidentiality from a third party owing no obligation of confidentiality to Tata Consultancy Services Limited.

RELEASE HISTORY

The following table displays the released version details.

Release Version

Release Date

Sections Affected

Description

1.0 June 1st, 2019 All

Digitate Security Statement

Digitate is a wholly-owned TCS (Tata Consultancy Services) venture and is governed by TCS’ Information Security Management System. This defines a set of baseline controls that are deployed across all locations from where TCS operates. TCS’ security framework is based on the globally recognized ISO 27001:2005 ISMS standard. TCS has been certified “Enterprise wide” for ISO 27001:2013 security standards as well as for ISO 22301:2012 Business Continuity standards.

Process Security

Digitate adheres to Secure Software Development Lifecycle guidelines as prescribed in the TCS’ Information Security Management System. A summary of key security practices followed in the SSDLC is listed below

  • All software requirements are evaluated for the CIA triad of Confidentiality, Integrity and Availability
  • Threat Models are created for the software using the STRIDE approach
  • All third party software components are continuously evaluated for open vulnerabilities using Veracode SCA
  • All code is continuously scanned through static application security testing (SAST) using Veracode SAST
  • The software is regularly scanned through dynamic application security testing (DAST) using Veracode DAST
  • Software is assessed for compliance against Digitate’s Data Privacy Policy which can be accessed here
  • Software distribution is signed to ensure integrity of the distribution
  • All Digitate associates regularly undergo Information Security trainings as applicable to their roles

Product Security

All Digitate products implement the following security principles under the CIA triad

  • Confidentiality
    • Authentication – Access to products and product components are suitably authenticated
    • Authorization – Access to various product features are properly authorized using a RBAC framework and appropriate segregation of roles are implemented
    • Network Access Control – Access to products and product components are controlled using perimeter network controls
  • Integrity
    • Data Security – Data is protected both at rest and in motion
    • Auditability – Appropriate audit of all key activities are maintained
  • Availability
    • High availability – High availability and failover is baked into the software architecture for all its constituent components
    • Backup and Recovery – Backup routines and recovery procedures are defined
    • Disaster Recovery – Disaster Recovery processes are documented and published

SaaS Security

Digitate offers its ignio set of products in the software-as-a-service (SaaS) model. Digitate SaaS is hosted using a third party cloud service provider Microsoft Azure Cloud. Details about the Security and Privacy practices of Microsoft Azure Cloud are available at

https://www.microsoft.com/en-us/security

Digitate SaaS architecture ensures that data for each customer is segregated and completely isolated from each other. To adhere to data residency requirements, customer’s data is located in a country based on customer’s preference.

More detailed information on Digitate’s Security practices are available as part of the product documentation available to customers.

For any queries or clarifications, please send a mail to .

About Digitate

Digitate is a Tata Consultancy Services (TCS) venture for next generation products, systems and platforms geared towards the digital enterprise. Our services, skills, industry knowledge and global presence will help you transform the role of IT from a business enabler to a business differentiator. You will achieve remarkable results, with great performance, from your IT infrastructure.
Tata Consultancy Services is an IT services, consulting and business solutions organization that delivers real results to global businesses, ensuring a level of certainty that no other firm can match. TCS is part of the Tata group, one of India’s largest industrial conglomerates and most respected brands. We have over 319,000 of the world’s best-trained IT consultants in 46 countries. For more information, visit us at www.digitate.com

All content / information present here is the exclusive property of Tata Consultancy Services Limited (TCS). The content / information contained here is correct at the time of publishing. No material from here may be copied, modified, reproduced, republished, uploaded, transmitted, posted or distributed in any form without prior written permission from TCS. Unauthorized use of the content / information appearing here may violate copyright, trademark and other applicable laws, and could result in criminal or civil penalties.

Copyright © 2019 Tata Consultancy Services Limited