Security Statement

Digitate is a venture of Tata Consultancy Services (TCS) and is governed by TCS’ Information Security Management System. This defines a set of baseline controls that are deployed across all locations from where TCS operates. TCS’ security framework is based on the globally recognized ISO 27001:2005 ISMS standard. TCS has been certified “Enterprise wide” for ISO 27001:2013 security standards as well as for ISO 22301:2012 Business Continuity standards.

Process Security

Digitate adheres to Secure Software Development Lifecycle guidelines as prescribed in the TCS’ Information Security Management System. A summary of key security practices followed in the SSDLC are listed below

• All software requirements are evaluated for the CIA triad of Confidentiality, Integrity and Availability
• Threat Models are created for the software using the STRIDE approach
• All third party software components are continuously evaluated for open vulnerabilities using Veracode SCA
• All code is continuously scanned through Static Application Security Testing (SAST) using Veracode SAST
• The software is regularly scanned through Dynamic Application Security Testing (DAST) using Veracode DAST
• Software is assessed for compliance against Digitate’s Data Privacy Policy
• Software distribution is signed to ensure integrity of the distribution
• All Digitate associates regularly undergo Information Security trainings as applicable to their roles

Product Security

All Digitate products implement the following security principles under the CIA triad

• Confidentiality
  • Authentication – Access to products and product components are suitably authenticated
  • Authorization – Access to various product features are properly authorized using a RBAC framework and appropriate segregation of roles are implemented
  • Network Access Control – Access to products and product components are controlled using perimeter network controls
• Integrity
  • Data Security – Data is protected both at rest and in motion
  • Auditability – Appropriate audit of all key activities are maintained
• Availability
  • High availability – High availability and failover is baked into the software architecture for all its constituent components
  • Backup and Recovery – Backup routines and recovery procedures are defined
  • Disaster Recovery – Disaster Recovery processes are documented and published

SaaS Security

Digitate offers its ignio set of products in the software-as-a-service (SaaS) model. Digitate SaaS is hosted using a third-party cloud service provider Microsoft Azure Cloud. Details about the Security and Privacy practices of Microsoft Azure Cloud are available at

https://www.docs.microsoft.com/en-us/azure/security

Digitate SaaS architecture ensures that data for each customer is segregated and completely isolated from each other. To adhere to data residency requirements, customer’s data is located in a country based on customer’s preference.

More detailed information on Digitate’s Security practices are available as part of the product documentation available to customers.

For any queries or clarifications, please send a mail to ignio.support@digitate.com