Our Security Commitment
As a cybersecurity company, we practice what we preach. Learn about our comprehensive security measures protecting your data and our infrastructure.
Certifications & Compliance
We maintain rigorous certifications and comply with international security standards:
Technical Security Measures
Encryption
- AES-256 encryption for data at rest
- TLS 1.3 for all data in transit
- End-to-end encryption for sensitive communications
- Hardware Security Modules (HSM) for key management
Network Security
- Enterprise-grade firewalls with intrusion detection
- DDoS protection and mitigation
- Network segmentation and micro-segmentation
- 24/7 Security Operations Center (SOC) monitoring
- VPN with multi-factor authentication for remote access
Application Security
- Secure Software Development Lifecycle (SSDLC)
- Regular penetration testing and vulnerability assessments
- Static and dynamic code analysis (SAST/DAST)
- Web Application Firewall (WAF) protection
- Dependency scanning and software composition analysis
Infrastructure Security
Physical Security
- Tier IV data centers with 99.995% uptime guarantee
- Biometric access controls and 24/7 surveillance
- Redundant power and cooling systems
- Geographic redundancy across multiple regions
Cloud Security
- Multi-cloud strategy with AWS, Azure, and GCP
- Infrastructure as Code (IaC) with security policies
- Container security with runtime protection
- Cloud Security Posture Management (CSPM)
Backup & Recovery
- Automated daily backups with 90-day retention
- Geo-redundant backup storage
- Recovery Point Objective (RPO) of 1 hour
- Recovery Time Objective (RTO) of 4 hours
- Regular disaster recovery testing
Access Control & Authentication
- Role-based access control (RBAC) following the principle of least privilege
- Multi-factor authentication (MFA) required for all systems
- Single Sign-On (SSO) with SAML 2.0 and OAuth 2.0
- Privileged Access Management (PAM) for administrative accounts
- Automated access reviews and certification
- Just-in-time (JIT) access provisioning
- Session monitoring and anomaly detection
Monitoring & Threat Detection
- 24/7/365 Security Operations Center (SOC) staffed by certified analysts
- Security Information and Event Management (SIEM) platform
- Extended Detection and Response (XDR) capabilities
- User and Entity Behavior Analytics (UEBA)
- Threat intelligence feeds from multiple sources
- Automated alert correlation and investigation
- Regular threat hunting exercises
Incident Response
We maintain a comprehensive incident response program aligned with NIST and SANS frameworks:
Response Times: Critical incidents receive a response within 15 minutes, with client notification within 1 hour of a confirmed breach.
Employee Security Program
- Comprehensive background checks for all employees
- Security awareness training upon hire and annually
- Phishing simulation exercises quarterly
- Secure coding training for developers
- Security certifications required for technical staff
- Clear desk and screen policies
- Confidentiality and non-disclosure agreements
- Secure offboarding procedures with access revocation
Report a Security Issue
We take security seriously and appreciate responsible disclosure of any vulnerabilities you may discover. If you believe you've found a security issue, please report it to us:
Security Team Email: security@onetapsolutions.in
PGP Key: Available upon request
Response Time: Within 24 hours
We kindly request that you give us reasonable time to address any issues before public disclosure. We commit to acknowledging reports within 24 hours and providing regular updates on remediation progress.