Digitate Security Statement
Digitate is a venture of Tata Consultancy Services (TCS) and is governed by TCS’ Information Security Management System. This defines a set of baseline controls that are deployed across all locations from where TCS operates. TCS’ security framework is based on the globally recognized ISO 27001:2005 ISMS standard. TCS has been certified “Enterprise wide” for ISO 27001:2013 security standards as well as for ISO 22301:2012 Business Continuity standards.
Digitate adheres to Secure Software Development Lifecycle guidelines as prescribed in the TCS’ Information Security Management System. A summary of key security practices followed in the SSDLC is listed below
- All software requirements are evaluated for the CIA triad of Confidentiality, Integrity and Availability
- Threat Models are created for the software using the STRIDE approach
- All third party software components are continuously evaluated for open vulnerabilities using Veracode SCA
- All code is continuously scanned through static application security testing (SAST) using Veracode SAST
- The software is regularly scanned through dynamic application security testing (DAST) using Veracode DAST
- Software distribution is signed to ensure integrity of the distribution
- All Digitate associates regularly undergo Information Security trainings as applicable to their roles
All Digitate products implement the following security principles under the CIA triad
- Authentication – Access to products and product components are suitably authenticated
- Authorization – Access to various product features are properly authorized using a RBAC framework and appropriate segregation of roles are implemented
- Network Access Control – Access to products and product components are controlled using perimeter network controls
- Data Security – Data is protected both at rest and in motion
- Auditability – Appropriate audit of all key activities are maintained
- High availability – High availability and failover is baked into the software architecture for all its constituent components
- Backup and Recovery – Backup routines and recovery procedures are defined
- Disaster Recovery – Disaster Recovery processes are documented and published
Digitate offers its ignio set of products in the software-as-a-service (SaaS) model. Digitate SaaS is hosted using a third-party cloud service provider Microsoft Azure Cloud. Details about the Security and Privacy practices of Microsoft Azure Cloud are available at
Digitate SaaS architecture ensures that data for each customer is segregated and completely isolated from each other. To adhere to data residency requirements, customer’s data is located in a country based on customer’s preference.
More detailed information on Digitate’s Security practices are available as part of the product documentation available to customers.
For any queries or clarifications, please send a mail to firstname.lastname@example.org