Compliance and Information Security

Knowcraft’s commitment to information security is evident through their ISO/IEC 27001 certification, which provides a secure, stable, and scalable IT environment to meet client business requirements, with a comprehensive data security program ensuring confidentiality, integrity, and availability. Let’s delve into some of the security measures they have in place:

Physical and Environmental Security:

  • Access Control: RFID/FRS entry/exit systems for employees and authorized visitors.
  • Critical Areas: Restricted access to server rooms.
  • Server Room: 24×7 temperature-controlled, housing servers, switches, firewalls, and surveillance systems with UPS support.
  • Network: Gigabit LAN with structured cabling on the production floor.
  • Surveillance: Office-wide CCTV and fire safety systems.

Logical Access Control:

  • User Authentication: Primary and additional domain controllers with strict password policies.
  • System Security: Auto-locking computers, NTFS permissions, and GPO on a need-to-know basis.
  • Device Restrictions: USB ports, optical drives, Bluetooth, and Wi-Fi are restricted. Email access is controlled per client requirements.

Information Security:

Key attributes include:

  • Confidentiality: Protection from unauthorized disclosure.
  • Integrity: Safeguarding accuracy and completeness.
  • Availability: Ensuring timely access for authorized users.

Training and Awareness:

  • IT Induction: During IT induction at Knowcraft Analytics, every new employee receives a comprehensive overview of the organization’s basic IT practices and cyber security framework.
  • Confidentiality Agreements: Signed by all staff.
  • Cybersecurity Awareness: Periodic newsletters, posters, screen savers, and annual training sessions with quizzes.

Secure Working Environment:

  • Clear Desk/Clear Screen Policy: Ensures sensitive materials are secured and systems are auto-locked when not in use.
  • Gateway Security: Industry-standard hardware UTM HA cluster for network security.
  • VPN Security: Industry-standard SSL VPN client for work from home users.
  • Endpoint Protection: Comprehensive endpoint security including antivirus, network threat protection, and disk encryption.
  • Patch Management: Regular updates for servers, endpoints, and network devices.
  • Backup and Recovery: Onsite and cloud backups for critical data and restoration of data.
  • Business Continuity and Disaster recovery: Cloud based DR site and annual DR drill activity for business continuity purposes.
  • External Audits: Annual third-party security audits and penetration tests.
  • Employee Verification and Training: Background checks and regular information security training with assessments.
Contact Us