Security Statement

Digitate is a wholly-owned TCS (Tata Consultancy Services) venture and is governed by TCS’ Information Security Management System. This defines a set of baseline controls that are deployed across all locations from where TCS operates. TCS’ security framework is based on the globally recognized ISO 27001:2005 ISMS standard. TCS has been certified “Enterprise wide” for ISO 27001:2013 security standards as well as for ISO 22301:2012 Business Continuity standards.

Process Security

Digitate adheres to the Secure Software Development Lifecycle (SSDLC) guidelines prescribed in TCS’ Information Security Management System. A summary of the key security practices followed in the SSDLC is listed below:

  • All software requirements are evaluated for the CIA triad of Confidentiality, Integrity and Availability
  • Threat Models are created for the software using the STRIDE approach
  • All third-party software components are continuously evaluated for open vulnerabilities using Veracode SCA
  • All code is continuously scanned through static application security testing (SAST) using Veracode SAST
  • The software is regularly scanned through dynamic application security testing (DAST) using Veracode DAST
  • Software is assessed for compliance against Digitate’s Data Privacy Policy which can be accessed here
  • Software distribution is signed to ensure integrity of the distribution
  • All Digitate associates regularly undergo Information Security training as applicable to their roles

Product Security

All Digitate products implement the following security principles under the CIA triad:

  • Confidentiality
    • Authentication – Access to products and product components is suitably authenticated
    • Authorization – Access to various product features is properly authorized using an RBAC framework, and appropriate segregation of roles is implemented
    • Network Access Control – Access to products and product components is controlled using perimeter network controls
  • Integrity
    • Data Security – Data is protected both at rest and in motion
    • Auditability – An appropriate audit of all key activities is maintained
  • Availability
    • High availability – High availability and failover are baked into the software architecture for all its constituent components
    • Backup and Recovery – Backup routines and recovery procedures are defined
    • Disaster Recovery – Disaster Recovery processes are documented and published

SaaS Security

Digitate offers its ignio set of products in the software-as-a-service (SaaS) model. Digitate SaaS is hosted on a third-party cloud service provider, Microsoft Azure Cloud. Details about the security and privacy practices of Microsoft Azure Cloud are available at:

https://www.microsoft.com/en-us/security

The Digitate SaaS architecture ensures that each customer’s data is segregated and completely isolated from that of other customers. To adhere to data residency requirements, a customer’s data is located in a country based on the customer’s preference.

More detailed information on Digitate’s security practices is available in the product documentation provided to customers.

For any queries or clarifications, please send a mail to ignio.support@digitate.com