Security and Privacy
Digitate employs comprehensive security measures to protect your data against unauthorized access and potential threats. At Digitate, we are committed to protecting your personal information through transparent and responsible data handling practices.
Security
As an enterprise SaaS partner to Digitate customers, we are committed to delivering a secure service and securing our customers' data. Elaborate controls and specialized teams are in place to ensure an adequate security posture that protects customer data while providing SaaS services. We align our operations to multiple frameworks and their controls, such as ISO 27001:2022, ISO 31000, ISO 22301:2019, Service Organization Controls (SOC 2+), the CSA Cloud Controls Matrix (CCM), the Health Insurance Portability and Accountability Act (HIPAA) and General Data Protection Regulation (GDPR) requirements.
Privacy
At Digitate, we understand that when using a SaaS application, you entrust us with your most valuable asset – ‘your data’. Our application uses your data only for the services we agreed on and does not mine it for any other purpose such as marketing or advertising. Customers can maintain their data in specific regions to meet data residency requirements. Our SaaS application does not use subcontractors to manage SaaS operations. Digitate does not disclose your data to government or law enforcement agencies unless you direct us to or as required by law. Our legal, security and privacy teams work collaboratively to ensure implementation of a consistent and effective privacy program.
Controls
Data Access
As a SaaS provider, what kind of customer data does your SaaS application process and store?
Our application collects minimal PII, such as name and business email, for the purpose of registration. The application proxy integrates with tools (such as ServiceNow CMDB, ServiceNow ITSM, SCOM, Nagios, Datadog etc.) to process customer data in the SaaS instance for operation of various use cases related to IT telemetry analysis and intelligence.
For more information on what our applications collect and process, refer to the Digitate privacy policy at:
Data Privacy Notice – Digitate
Physical Security (Hosting Provider)
How do you ensure physical security in your SaaS environment?
Our SaaS application is hosted on Microsoft Azure (PaaS) and Amazon AWS (PaaS). Our PaaS cloud service provider ensures physical security. Microsoft Azure and Amazon AWS are ISO 27001 and SOC 2 certified.
Our offshore delivery centers are ISO 27001 certified, and all physical controls are enforced.
Please refer to https://docs.microsoft.com/en-us/azure/security/fundamentals/physical-security for the CSP’s security implementation.
Please refer to Data Centers – Our Controls (amazon.com) for the CSP’s security implementation.
SSO support
How does your application support SSO integration?
Our SaaS application can be integrated with the customer’s Identity and Access Management system to manage user access. The application supports both SAML integration with IAM tools and LDAP binding integration with an enterprise directory. Through SAML integration, the application supports using enterprise Multifactor Authentication (MFA) for authentication. ignio also has native support for TOTP-based MFA, which can be used in the absence of MFA from the enterprise IAM.
Product Auditing
How does your SaaS application support auditing?
The application audits various actions based on multiple audit events, which can be tracked in the application via APIs. Proxy component logs can be integrated into Splunk or other solutions. The complete list of audit events is available upon request during the product evaluation.
Integrations and Adapters
How does your SaaS application support integrations and adapters?
Our SaaS application supports adapters and integrations for the functioning of use cases. We have adapters and integrations available for major industry vendors such as ServiceNow, AppDynamics, SNMP, SolarWinds, SCOM, Splunk, Azure Data Factory, Remedy, Cherwell, HPSM, ScienceLogic, Nagios, Cisco DNAC, Jira, CyberArk, Amazon CloudWatch, Azure Monitor, SummitAI, GCP etc. A complete list of adapters and integrations is available upon request during the product evaluation.
Role Based Access Control (RBAC)
Does your SaaS application support role-based access control (RBAC)?
Access control policies are aligned to the ISO 27001 framework. Access controls for applications, systems and databases follow the least privilege principle. Periodic access reviews are conducted to ensure only legitimate users and groups have access to perform actions as per their aligned roles.
Our SaaS application supports role-based access control (RBAC), and access management can be integrated with the customer's AD so that the customer can manage access control.
Access Management
How does your SaaS application handle access management?
Individual uniquely named IDs are used for authentication. IDs not used for 90 days are disabled from the system. All access approvals are managed through a change management process using CRs. Segregation of duties is implemented for access grant and approvals. Audit trails are maintained and access to audit logs is restricted to authorized personnel only.
Backups & Restore
What is your backup management policy?
Our SaaS application is hosted on an Azure and AWS container-based architecture. The data resides in databases used by the application at the backend. Complete snapshot backups are taken using Azure/AWS backup services with 3-copy redundancy in the cloud. Backups are encrypted and test restoration is performed periodically.
Data Retention, Archival & Disposal
What is your data retention, archival and disposal policy?
There is no physical media, as ignio is an Azure/AWS hosted SaaS solution. The data retention and disposal policy for ignio SaaS is as follows:
For ex-customer (off boarded)
All data, except logs, is purged and the ignio SaaS tenant is decommissioned / deleted, along with all its underlying infrastructure, at the time of termination of contract.
The customer SPOC may request an export of all Blueprint static customer data prior to off-boarding.
Once a customer is offboarded, the entire instance is deleted.
Data classification
Our data classification policy is aligned with NIST IR 8496.
Encryption
Data at Rest – AES 256
Data in transit – TLS 1.2
Subprocessors
Our list of subprocessors is available on this link Data Processing Addendum – Digitate
Data processing Agreement
Our Data processing agreement is available on this link Digitate Sub Processors List – Digitate
Data Privacy
Privacy Policy
Our Privacy policy is available on this link Data Privacy Notice – Digitate
Data Breach Notification
What is your breach notification policy?
Initial notification of a suspected breach will be communicated to customers within 72 hours of Digitate becoming aware of it.
HIPAA
ignio does not store and process electronic health information; however, we are assessed on SaaS infrastructure-level controls under SOC 2 to demonstrate our readiness for HIPAA.
Under the SOC 2+ assessment, we are tested on HIPAA controls.
GDPR
ignio collects minimal information for its functioning. We are assessed on SaaS infrastructure-level controls under SOC 2 to demonstrate our compliance with GDPR requirements.
Tenant Environments
Each SaaS application tenant environment is segregated, with a dedicated VNET / VPC. Azure/AWS WAF is installed.
Business Continuity and Disaster Recovery
We have a Business Continuity Management Program in place which is aligned to the ISO 22301 framework and TCS ISMS policy. Business impact assessment is performed annually and any changes in infrastructure / applications are brought into scope of the BCP during the review cycle.
Details of our BCP – RTO / RPO are available under: Software Support Policy – Digitate
DDOS Protection
We have Azure premium DDoS protection enabled for all tenants.
Azure DDoS Protection Overview | Microsoft Learn
We have AWS Shield enabled for all tenants.
Managed DDoS Protection – AWS Shield – AWS (amazon.com)
SIEM/SOC Monitoring
SaaS infrastructure security logs are integrated into centralized SIEM/SOC for 24*7 monitoring. Logs are ingested into the SIEM for analysis and event generation.
SaaS infrastructure logs are not ingested into client SIEM.
The SaaS application audit events (On proxy component) can be integrated with customer SIEM.
Threat Detection and Prevention
How do you ensure the security of your container infrastructure?
Real-time threat detection and protection is enabled for all container clusters and nodes.
Endpoint Security
Disk encryption, data leakage prevention and threat detection software are installed on all endpoints and managed by a centralized team.
Azure Web Application Firewall
Azure Web Application Firewall is deployed for our customers.
Azure Web Application Firewall (WAF) | Microsoft Azure
AWS Web Application Firewall is deployed for our customers.
Web Application Firewall, Web API Protection – AWS WAF – AWS (amazon.com)
CSO organization
We have a CSO organization set up as per the ISO 27001 ISMS framework to oversee and manage security risk governance.
HR Security
All associates and third parties undergo reviews under security requirements. An NDA is signed with each party before engaging in work. Background verification checks are performed before hiring permanent and temporary resources.
Security Incident Management
The incident response and privacy incident management process is defined at organization level. Roles and responsibilities are defined for the Incident Response team. Incidents are logged via the support portal by customers and reviewed at periodic intervals.
Security Awareness and Trainings
We conduct regular security awareness and training for all associates, third-party vendors, and partners.
ISMS Policies
Our security and privacy policies are internal to the organization and are not shared externally. Please refer to our SOC 2+ report for more information on service organization controls compliance, which covers all policies and procedures in depth.