
Security, IT and Infrastructure

Working in Accordance with Global Standards of Information Security and Data Protection

Global standards of information security and data protection.

ISO 9001:2015 - This certification is for the international standard for quality management systems. A company with this certification is guaranteed to meet the required standard of Customer Focus, Leadership, People Engagement, Process Driven Approach, Process Improvement, Evidence Based Decision Making and Relationship Management.

ISO 27001:2013 - Holding this certificate indicates that the company is compliant with the international standard for Information Security Management Systems. With this certification, PathQuest meets the requirements for Information Security Policies, Physical Security, Environmental Security, Asset Management and Compliance. These are audited annually and recertified every 3 years.

Physical Infrastructure

To meet the standards of this category, PathQuest has implemented the measures below, including:

Dedicated Infrastructure

Access Control Systems

Continuous review and improvement

We have implemented the following to meet our physical infrastructure objectives.

Dedicated Infrastructure

Fixed office and workstation for every employee

Video Surveillance

24/7 surveillance through CCTV cameras

Fire safety

Necessary fire safety equipment in place.

Mobile phone restriction

No cell phones are allowed on the floor. Cell phones are stored in lockers outside the office.

Access Control Systems

Entry to every floor is restricted, through biometric access control, to employees stationed on that floor

Restriction on printing of documents

Access granted to team leads and above

  • Desktop and other technology infrastructure in place with latest configuration
  • Computers and other equipment scrapped and replaced every three to four years
  • Dual leased line internet links to ensure 100% uptime.
  • PathQuest facilities have multiple backups through UPS (Uninterruptible Power Supply) systems and diesel generators.
  • Phone Communication: Cloud PBX (RingCentral)
  • 24/7 IT support help desk management system
  • Software used includes RemotePC, Zoom, GoToMeeting, Microsoft Teams
  • Taxation Software: Drake, ProFx, ProSeries, Lacerte
  • Accounting Software: QuickBooks Desktop, QuickBooks Online, Xero, Sage Intacct etc.
  • Disabled DVD drives & external drives
  • Star Topology Network
  • Secured workstations with password. Mandatory password change policy after 30 days
  • Centralized control for enterprise resources, change control, access control and configuration management to avoid interruption in customer service delivery
  • Implementation of clear desktop/desk policy
  • Limited access to communication channels such as chat tools, public emails etc.
  • Periodic audits to identify threats and implement relevant steps to avoid them
  • Storage only on central storage
  • Content filters and anti-virus at the network perimeter
  • IDS/IPS monitoring of network perimeter.
  • Data Loss Prevention
  • Network scans and penetration tests
  • Email monitoring by compliance officer
  • Single time source and unified logging of events
  • Vulnerability process audits
  • External audits
  • Application Audits

Security Control Policies

  • SSL VPN for employees to Work from Home
  • Website Filtering and Content Filtering on Firewall
  • Password Protected Systems
  • Group Email ID by Client
  • Folder Rights Based on Client Allotment
  • Internet Browsing Limitations by Firewall
  • Whitelisting Domain – Only Authorized Person to Send Email(s)
  • No USB Access or Cell Phone Access
  • No Office Wi-Fi Accessibility on Cell Phone

Access to Client’s data and Server

Access to the client’s server in a secured environment through VPN / Secured RDP / Citrix

Access to the client’s data only for those users who are working on the client’s account

Restricted user profiles for users based on their roles

Password-protected Accounting System

User role-based Accounting System rights

Satisfied PathQuest clients prefer to send documents to the PathQuest team through a dedicated Group e-mail ID, dedicated fax number or Secured FTP

Data Security Measures

Establish strong passwords

Strong passwords are defined through a combination of capital letters, lower-case letters, numbers, and symbols.

Firewall

A firewall is implemented for network protection. Firewall policies are intentionally configured to control incoming and outgoing internet traffic within the PathQuest network.

Antivirus protection

Antivirus and anti-malware software is in place to protect company data. It helps to prevent, search for, detect and remove not only viruses but also adware, worms, trojans, and so on.

Secure every device

Disk-level encryption is deployed across company devices to encrypt all data, ensuring that the data is inaccessible without the correct password.

Regular Updates

All computers are regularly patched and updated by a centralized update server.

Schedule backups

Backups are scheduled at a defined frequency as per the data backup policy.

Educate employees about Data Security

Regular data security awareness training is provided to PathQuest employees.

PathQuest Security Program (Policies and Procedures)

Acceptable Use Policy

This policy stipulates the constraints and practices that an employee using organizational IT assets must agree to in order to access the PathQuest network or the internet. It is a standard onboarding policy for new employees.

Access Control Policy

This policy defines the access available to employees with regard to PathQuest data and information systems. It includes access control standards and implementation guides, with standards for user access, network access controls, operating system software controls and password complexity.

Change Management Policy

PathQuest change management policy refers to a formal process for making changes to IT, software development and security services/operations.

Information Security Policy

PathQuest information security policies are typically high-level policies that cover a large number of security controls. This policy is designed for employees to recognize that there are rules that they will be held accountable to with regard to the sensitivity of PathQuest information and IT assets.

Incident Response (IR) Policy

The incident response policy is an organized approach to how PathQuest manages incidents and remediates the impact to operations.

Remote Access Policy

The remote access policy is a document which outlines and defines acceptable methods of remotely connecting to PathQuest internal networks.

Email/Communication Policy

The PathQuest email policy is a document that formally outlines how employees can use the business’s chosen electronic communication medium.

Disaster Recovery Policy

The disaster recovery plan is part of the business continuity plan. If the event has a significant business impact, the Business Continuity Plan will be activated.

Business Continuity Plan (BCP)

The BCP describes how PathQuest will operate in an emergency.