
Security, IT and Infrastructure

Working in Accordance with Global Standards of Information Security and Data Protection


PathQuest is an ISO 9001:2015 certified company. ISO 9001:2015 is the international standard for quality management systems. This certification ensures that we meet the required standard of customer focus, leadership, people engagement, process-driven approach, process improvement, evidence-based decision making and relationship management in all our core functions.

PathQuest is an ISO 27001:2013 certified company. ISO 27001:2013 is the international standard for ISMS (Information Security Management System). This certification ensures that we meet the required standards for information security policies, physical security, environmental security, asset management, compliance and a host of other standards that we meet for establishing, implementing, maintaining and continually improving an information security management system.

Physical Infrastructure

Our physical infrastructure set-up process ensures that we are able to achieve the following primary goals:

Best-in-class infrastructure deployment

Industry best standards of security

Continuous review and improvement

We have implemented the below to meet our physical infrastructure objectives.

Dedicated Infrastructure

Fixed office and workstation for every employee

Video Surveillance

24/7 surveillance through CCTV cameras

Fire safety

Necessary fire safety equipment in place.

Mobile phone restriction

No cell phones allowed on the floor. Cell phones stored in the lockers outside the office.

Access Control Systems

Entry to every floor is restricted to the employees stationed on that floor through biometric access control

Restriction on printing of documents

Access granted to team leads and above

  • Desktop and other technology infrastructure in place with latest configuration
  • Computers and other equipment scrapped and replaced every three to four years
  • Dual leased line internet links to ensure 100% uptime.
  • PathQuest facilities have multiple backups through UPS (Uninterrupted Power Supply) systems and diesel generators.
  • Phone Communication: CloudPBX (RingCentral)
  • 24/7 IT support help desk management system
  • Software used, such as Remote PC, Zoom, GoToMeeting and Microsoft Teams
  • Taxation Software: Drake, ProFx, Pro Series, Lacerte
  • Accounting Software: QuickBooks Desktop, QuickBooks Online, Xero, Sage Intacct etc.
  • Disabled DVD drives & external drives
  • Star Topology Network
  • Secured workstations requiring mandatory passwords, with a mandatory 30-day password expiry and change policy
  • Centralized control over enterprise resources, change control, access control and configuration management for minimum disruption in customer service delivery.
  • Clear desktop/desk policy implemented.
  • Restricted access to communication channels such as chat tools, public emails, etc.
  • Rigorous year-round audits to evaluate threats and to develop and implement relevant countermeasures.
  • No storage on local drives, only on central storage
  • Content filters and anti-virus at the network perimeter.
  • IDS/IPS monitoring of network perimeter.
  • Data Loss Prevention (DLP).
  • Network scans and penetration tests
  • Email monitoring by compliance officer
  • Single time source and unified logging of events
  • Vulnerability process audits
  • External audits
  • Application Audits

Security Control Policies

SSL VPN for Work From Home

Website Filtering, Content Filtering on Firewall

Systems are password protected

Group Email ID by client

Folder rights based on client allotment

Internet browsing restricted by firewall

Whitelisting domain – only authorized persons can send out an email

No USB access or any other external drives

No office Wi-Fi access on cell phones

Access to Client’s data and Server

Access to Client’s server in secured environment through VPN / Secured RDP / Citrix

Access for Client’s data to only those users who are working on the client’s account

Restricted user profile for the users based on their roles

Accounting System access protected through password

Accounting System rights assigned as per the role of the users

Many of our clients prefer to send documents to the PABS team through a dedicated group e-mail ID, a dedicated fax number or secured FTP

Data Security Measures

Establish strong passwords

This measure defines what a strong password is. Passwords are a combination of capital letters, lower-case letters, numbers, and symbols.

Firewall

We have a high-availability firewall to protect our network. Firewall policies are configured to give complete control over incoming and outgoing internet traffic in our network.

Antivirus protection

Antivirus and anti-malware software is in place to protect our company data. It has strong capabilities to prevent, search for, detect and remove not only viruses but also adware, worms, trojans, and so on.

Secure every device

Laptops are portable, so there is a higher risk that they can be stolen. We therefore have disk-level encryption across our devices to encrypt all the data. As a result, without the right password, the data on our computers is unreadable.

Regular Updates

All computers are regularly patched and updated by a centralized update server.

Schedule backups

Backups are scheduled at a defined frequency as per the data backup policy.

Educate employees about Data Security

We believe prevention is the best way to keep our data safe. We provide regular data security awareness training to our employees.

PathQuest Security Program (Policies and Procedures)

Acceptable Use Policy

This policy stipulates the constraints and practices that an employee using organizational IT assets must agree to in order to access the PABS network or the internet. It is a standard onboarding policy for new employees.

Access Control Policy

This policy defines the access available to employees with regard to PABS data and information systems. It includes access control standards and implementation guides, and sets standards for user access, network access controls, operating system software controls and the complexity of passwords.

Change Management Policy

PathQuest change management policy refers to a formal process for making changes to IT, software development and security services/operations.

Information Security Policy

PathQuest information security policies are typically high-level policies that cover a large number of security controls. This policy is designed for employees to recognize that there are rules that they will be held accountable to with regard to the sensitivity of PABS information and IT assets.

Incident Response (IR) Policy

The incident response policy is an organized approach to how PABS manages incidents and remediates their impact on operations.

Remote Access Policy

The remote access policy is a document that outlines and defines acceptable methods of remotely connecting to PABS internal networks.

Email/Communication Policy

The PathQuest email policy is a document that formally outlines how employees can use the business's chosen electronic communication medium.

Disaster Recovery Policy

The disaster recovery plan is part of the business continuity plan. If the event has a significant business impact, the Business Continuity Plan will be activated.

Business Continuity Plan (BCP)

The BCP describes how PABS will operate in an emergency.