Security Statement
Digitate Security Statement
Digitate is a venture of Tata Consultancy Services (TCS) and is governed by TCS’ Information Security Management System (ISMS). The ISMS defines a set of baseline controls that are deployed across all locations from which TCS operates. TCS’ security framework is based on the globally recognized ISO 27001:2005 ISMS standard. TCS has been certified “Enterprise wide” for ISO 27001:2013 security standards as well as for ISO 22301:2012 Business Continuity standards.
Process Security
Digitate adheres to the Secure Software Development Lifecycle (SSDLC) guidelines prescribed in TCS’ Information Security Management System. The key security practices followed in the SSDLC are summarized below:
- All software requirements are evaluated for the CIA triad of Confidentiality, Integrity and Availability
- Threat Models are created for the software using the STRIDE approach
- All third party software components are continuously evaluated for open vulnerabilities using Veracode SCA
- All code is continuously scanned through Static Application Security Testing (SAST) using Veracode SAST
- The software is regularly scanned through Dynamic Application Security Testing (DAST) using Veracode DAST
- Software is assessed for compliance against Digitate’s Data Privacy Policy
- Software distribution is signed to ensure integrity of the distribution
- All Digitate associates regularly undergo Information Security training as applicable to their roles
Product Security
All Digitate products implement the following security principles under the CIA triad:
- Confidentiality
  - Authentication – Access to products and product components is suitably authenticated
  - Authorization – Access to various product features is properly authorized using an RBAC framework, and appropriate segregation of roles is implemented
  - Network Access Control – Access to products and product components is controlled using perimeter network controls
- Integrity
  - Data Security – Data is protected both at rest and in motion
  - Auditability – An appropriate audit of all key activities is maintained
- Availability
  - High availability – High availability and failover are baked into the software architecture for all its constituent components
  - Backup and Recovery – Backup routines and recovery procedures are defined
  - Disaster Recovery – Disaster Recovery processes are documented and published
SaaS Security
Digitate offers its ignio set of products in the software-as-a-service (SaaS) model. Digitate SaaS is hosted on a third-party cloud service provider, Microsoft Azure Cloud. Details about the Security and Privacy practices of Microsoft Azure Cloud are available at:
https://www.docs.microsoft.com/en-us/azure/security
The Digitate SaaS architecture ensures that each customer’s data is segregated and completely isolated from that of other customers. To adhere to data residency requirements, a customer’s data is located in a country based on the customer’s preference.
More detailed information on Digitate’s Security practices is provided in the product documentation available to customers.
For any queries or clarifications, please send an email to ignio.support@digitate.com