Security and Privacy
Digitate employs comprehensive security measures to protect your data against unauthorized access and potential threats. At Digitate, we are committed to protecting your personal information through transparent and responsible data handling practices.
Security
As an enterprise SaaS partner to Digitate customers, we are committed to delivering a secure service and to securing our customers' data. Detailed controls and specialized teams are in place to maintain an adequate security posture that protects customer data while we provide SaaS services. We align our operations to multiple frameworks and their controls, including ISO 27001:2022, ISO 31000, ISO 22301:2019, Service Organization Controls (SOC 2+), the CSA Cloud Controls Matrix (CCM), the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR).
Privacy
At Digitate, we understand that when you use a SaaS application, you entrust us with your most valuable asset: your data. Our application uses your data only for the services we agreed on and does not mine it for any other purpose such as marketing or advertising. Customers can keep their data in specific regions to meet data residency requirements. Our SaaS application does not use subcontractors to manage SaaS operations. Digitate does not disclose your data to government or law enforcement agencies unless you direct us to or the law requires it. Our legal, security and privacy teams work together to implement a consistent and effective privacy program.
Controls
Data Access
As a SaaS provider what kind of customer data does your SaaS application process and store?
Our application collects minimal personal information (name and business email) for the purpose of registration. The application proxy integrates with tools such as ServiceNow CMDB, ServiceNow ITSM, SCOM, Nagios and Datadog to process customer data in the SaaS instance for the various use cases related to IT telemetry analysis and intelligence.
For more information on what our applications collect and process, refer to the Digitate privacy policy at:
Data Privacy Notice – Digitate
Physical Security (Hosting Provider)
How do you ensure physical security in your SaaS environment?
Our SaaS application is hosted on Microsoft Azure (PaaS) and Amazon AWS (PaaS). The PaaS cloud service provider is responsible for physical security. Microsoft Azure and Amazon AWS are ISO 27001 and SOC 2 certified.
Our offshore delivery centers are ISO 27001 certified, and all physical controls are enforced.
Please refer to https://docs.microsoft.com/en-us/azure/security/fundamentals/physical-security for CSP’s security implementation.
Please refer to Data Centers – Our Controls (amazon.com) for CSP’s security implementation.
SSO support
How does your application support SSO integration?
Our SaaS application can be integrated with the customer's Identity and Access Management (IAM) system to manage user access. The application supports both SAML integration with IAM tools and LDAP bind integration with the enterprise directory. Through SAML integration, the application can use the enterprise Multi-Factor Authentication (MFA) for authentication. ignio also has native support for TOTP-based MFA, which can be used when MFA is not available from the enterprise IAM.
Product Auditing
How does your SaaS application support auditing?
The application records audit events for a range of user and system actions; these events can be retrieved through the application APIs. Proxy component logs can be forwarded to Splunk or other log management solutions. The complete list of audit events is available on request during product evaluation.
Integrations and Adapters
How does your SaaS application support integrations and adapters?
Our SaaS application supports adapters and integrations required by its use cases. Adapters and integrations are available for major industry vendors such as ServiceNow, AppDynamics, SNMP, SolarWinds, SCOM, Splunk, Azure Data Factory, Remedy, Cherwell, HPSM, ScienceLogic, Nagios, Cisco DNAC, Jira, CyberArk, Amazon CloudWatch, Azure Monitor, SummitAI and GCP. A complete list of adapters and integrations is available on request during product evaluation.
Role-Based Access Control (RBAC)
Does your SaaS application support role-based access control (RBAC)?
Access control policies are aligned to the ISO 27001 framework. Access to applications, systems and databases follows the least privilege principle. Periodic access reviews are conducted to ensure that only legitimate users and groups retain the access needed to perform actions in their assigned roles.
Our SaaS application supports role-based access control (RBAC), and access management can be integrated with the customer's Active Directory so that the customer manages access control.
Access Management
How does your SaaS application handle access management?
Individual, uniquely named user IDs are used for authentication. IDs not used for 90 days are disabled. All access approvals are handled through the change management process with change requests (CRs). Segregation of duties is enforced between granting and approving access. Audit trails are maintained, and access to audit logs is restricted to authorized personnel only.
Backups & Restore
What is your backup management policy?
Our SaaS application is hosted on an Azure/AWS container-based architecture. The data resides in the backend databases used by the application. Complete snapshot backups are taken using Azure/AWS backup services with three-copy redundancy in the cloud. Backups are encrypted, and test restorations are performed periodically.
Data Retention, Archival & Disposal
What is your data retention, archival and disposal policy?
There is no physical media, as ignio is an Azure/AWS-hosted SaaS solution. The data retention and disposal policy for ignio SaaS is as follows:
For ex-customers (off-boarded)
All data, except logs, is purged and the ignio SaaS tenant is decommissioned and deleted, along with all of its underlying infrastructure, at the time of contract termination.
The customer SPOC may request an export of all Blueprint static customer data prior to off-boarding.
Once a customer is off-boarded, the entire instance is deleted.
Data classification
Our data classification policy is aligned with NIST IR 8496.
Encryption
Data at rest: AES-256
Data in transit: TLS 1.2
Subprocessors
Our list of subprocessors is available at this link: Digitate Sub Processors List – Digitate
Data Processing Agreement
Our data processing agreement is available at this link: Data Processing Addendum – Digitate
Data Privacy
Privacy Policy
Our privacy policy is available at this link: Data Privacy Notice – Digitate
Data Breach Notification
What is your breach notification policy?
Initial notification of a suspected breach will be communicated to affected customers within 72 hours of Digitate becoming aware of it.
HIPAA
ignio does not store or process electronic protected health information. However, our SaaS infrastructure-level controls are assessed under SOC 2+, including testing against HIPAA controls, to demonstrate HIPAA readiness.
GDPR
ignio collects minimal information for its functioning. Our SaaS infrastructure-level controls are assessed under SOC 2 to demonstrate compliance with GDPR requirements.
Tenant Environments
Each SaaS application tenant environment is segregated in a dedicated VNet/VPC, and an Azure/AWS WAF is deployed in front of it.
Business Continuity and Disaster Recovery
We have a Business Continuity Management Program in place, aligned to the ISO 22301 framework and the TCS ISMS policy. A business impact assessment is performed annually, and any changes in infrastructure or applications are brought into the scope of the BCP during the review cycle.
Details of our BCP RTO/RPO are available under: Software Support Policy – Digitate
DDoS Protection
We have Azure DDoS Protection (premium tier) enabled for all tenants.
Azure DDoS Protection Overview | Microsoft Learn
We have AWS Shield enabled for all tenants.
Managed DDoS Protection – AWS Shield – AWS (amazon.com)
SIEM/SOC Monitoring
SaaS infrastructure security logs are integrated into a centralized SIEM/SOC for 24x7 monitoring. Logs are ingested into the SIEM for analysis and event generation.
SaaS infrastructure logs are not ingested into the customer's SIEM.
The SaaS application audit events (from the proxy component) can be forwarded to the customer's SIEM.
Threat Detection and Prevention
How do you ensure the security of your container infrastructure?
Real-time threat detection and protection is enabled for all container clusters and nodes.
Endpoint Security
Disk encryption, data leakage prevention and threat detection software are installed on all endpoints and managed by a centralized team.
Web Application Firewall
Azure Web Application Firewall is deployed for our customers hosted on Azure.
Azure Web Application Firewall (WAF) | Microsoft Azure
AWS Web Application Firewall is deployed for our customers hosted on AWS.
Web Application Firewall, Web API Protection – AWS WAF – AWS (amazon.com)
CSO Organization
We have a CSO organization set up as per the ISO 27001 ISMS framework to oversee and manage security risk governance.
HR Security
All associates and third parties are reviewed against our security requirements. An NDA is signed with each party before any work begins. Background verification checks are performed before hiring permanent and temporary resources.
Security Incident Management
Incident response and privacy incident management processes are defined at the organization level. Roles and responsibilities are defined for the Incident Response team. Customers log incidents via the support portal, and incidents are reviewed at periodic intervals.
Security Awareness and Trainings
We conduct regular security awareness training for all associates, third-party vendors and partners.
ISMS Policies
Our security and privacy policies are internal to the organization and are not shared externally. Please refer to our SOC 2+ report for detailed information on service organization controls compliance, which covers all policies and procedures in depth.