We are aware that whenever a company opts for services like accounting, bookkeeping, payroll or taxation, a lot of sensitive data has to be shared. We are extremely sensitive to the security and confidentiality of client data.

Our company meets all the standards of GDPR, and we are a certified GDPR-compliant company with a transparent and clear privacy policy.

We are also ISO 27001-2013 certified for the most standard Quality Measures for Information Security.

Certified GDPR Compliance

ISO 9001-2008

ISO 27001-2013

Data Security

We follow strict protocols covering both the physical and the IT-related aspects of data security.

Physical Security

  1. Our premises are covered by closed-circuit cameras to monitor and secure our workplace.
  2. We have implemented an access control system at the entrance of our workplace to allow only controlled entry into the production areas.
  3. Access to the server room is restricted, and no one except the IT team is allowed to enter. This access, too, is authenticated by access card only.
  4. Our workstations do not have CD R/W drives.
  5. The USB ports at the workstations are disabled.
  6. The document storage area is well protected.

IT Security

  1. Anti-virus software that checks for updates daily is installed on every workstation. A quick scan runs daily, a boot scan is scheduled weekly and a full scan is scheduled monthly.
  2. The anti-malware software on all computers runs a quick scan twice a day.
  3. Access to the company's network is protected by the default Windows firewall software.
  4. All computers are password protected. Every user has their own password, which must be changed every 42 days.
  5. All users have restricted access to client information. Only authorized users have access to the restricted information of the clients that they are working for.
  6. We have account management policies such as deactivating accounts when a user's affiliation ends. Account access requirements are reviewed regularly for changes.
  7. Session controls are implemented on all workstations and servers for added security. The server is configured to LOCK after 5 minutes of unattended time, and all computers are configured to LOCK after 10 minutes of unattended time. In both cases, re-authentication is required to unlock.
  8. Various backup operations are scheduled to prevent the loss of data. A previous version backup is scheduled twice a day, the differential backup is scheduled weekly and the full backup is scheduled monthly.
  9. Users are not allowed to use personal email accounts. Access to Internet sites is also restricted and controlled.
  10. We are moving towards a paperless environment, which is eco-friendly and also helps ensure the security of data.
  11. We also use IP authentication to restrict outsider access to confidential information within the office.

Confidentiality

  1. All employees are bound by stringent non-disclosure and non-compete agreements.
  2. We recognize that all the data and information provided by the client is confidential and strictly the property of the client.
  3. No one at Initor shall ever disclose any client information to any third party without the prior consent of the client.
  4. All raw and processed data, whether in electronic format or in printouts, will be destroyed once the work is over.