Security, IT and Infrastructure
Working in Accordance with Global Standards of Information Security and Data Protection
PathQuest is an ISO 9001:2015 certified company. ISO 9001:2015 is the international standard for quality management systems. This certification ensures that we meet the required standard of customer focus, leadership, people engagement, process-driven approach, process improvement, evidence-based decision making, and relationship management in all our core functions.
PathQuest is an ISO 27001:2013 certified company. ISO 27001:2013 is the international standard for an ISMS (Information Security Management System). This certification ensures that we meet the required standards for information security policies, physical security, environmental security, asset management, compliance and a host of other standards for establishing, implementing, maintaining and continually improving an information security management system.
Our physical infrastructure set-up process ensures that we are able to achieve the following primary goals:
Best-in-class infrastructure deployment
Industry best standards of security
Continuous review and improvement
We have implemented the below to meet our physical infrastructure objectives.
Fixed office and workstation for every employee
24/7 surveillance through CCTV cameras
Necessary fire safety equipment in place.
Mobile phone restriction
No cell phones are allowed on the floor. Cell phones are stored in lockers outside the office.
Access Control Systems
Entry to each floor is restricted, through biometric access control, to employees stationed on that floor
Restriction on printing of documents
Access granted to team leads and above
- Desktop and other technology infrastructure in place with latest configuration
- Computers and other equipment scrapped and replaced every three to four years
- Dual leased line internet links to ensure 100% uptime.
- PathQuest facilities have multiple backups through UPS (Uninterruptible Power Supply) systems and diesel generators.
- Phone Communication: CloudPBX (RingCentral)
- 24/7 IT support help desk management system
- Software used, such as Remote PC, Zoom, GoToMeeting, Microsoft Teams
- Taxation Software: Drake, ProFx, Pro Series, Lacerte
- Accounting Software: QuickBooks Desktop, QuickBooks Online, Xero, Sage Intacct, etc.
- Disabled DVD drives & external drives
- Star Topology Network
- Secured workstations requiring mandatory passwords, with a mandatory 30-day password expiry and change policy
- Centralized control over enterprise resources, change control, access control and configuration management for minimum disruption in customer service delivery.
- Clear desktop/desk policy implemented.
- Restricted access to communication channels such as chat tools, public emails, etc.
- Rigorous year-round audits to evaluate threats and to develop and implement relevant countermeasures.
- No storage on local drives, only on central storage
- Content filters and anti-virus at the network perimeter.
- IDS/IPS monitoring of network perimeter.
- Data Loss Prevention (DLP).
- Network scans and penetration tests
- Email monitoring by compliance officer
- Single time source and unified logging of events
- Vulnerability process audits
- External audits
- Application Audits
Security Control Policies
SSL VPN for Work From Home
Website Filtering, Content Filtering on Firewall
Systems are password protected
Group Email ID by client
Folder rights based on client allotment
Internet browsing restricted by firewall
Domain whitelisting – only authorized persons can send out email
No USB access or any other external drives
No office Wi-Fi access on cell phones
Access to Client’s data and Server
Access to the client’s server in a secured environment through VPN / Secured RDP / Citrix
Access to the client’s data only for those users who are working on the client’s account
Restricted user profile for the users based on their roles
Accounting System access protected through password
Accounting System rights assigned as per the role of the users
Many of our clients prefer to send documents to the PABS team through a dedicated group e-mail ID, a dedicated fax number or secured FTP
Data Security Measures
Establish strong passwords
This measure defines what a strong password is. Passwords are a combination of capital letters, lower-case letters, numbers, and symbols.
We have a high-availability firewall to protect our network. Firewall policies are configured to give complete control over incoming and outgoing internet traffic in our network.
Antivirus and anti-malware software is in place to protect our company data. It has strong capabilities to prevent, search for, detect and remove not only viruses but also adware, worms, trojans, and so on.
Secure every device
Laptops are portable, so there is a higher risk that they can be stolen. We therefore have disk-level encryption across our devices to encrypt all the data, so that without the right password a computer’s data is unreadable.
All computers are regularly patched and updated by a centralized update server.
Schedule backups at a defined frequency as per the data backup policy.
Educate employees about Data Security
We believe prevention is the best way to keep our data safe. We provide regular training to our employees on data security awareness.
PathQuest Security Program (Policies and Procedures)
Acceptable Use Policy
This policy stipulates the constraints and practices that an employee using organizational IT assets must agree to in order to access the PABS network or the internet. It is a standard onboarding policy for new employees.
Access Control Policy
This policy defines the access available to employees with regard to PABS data and information systems. It includes access control standards and implementation guides, with standards for user access, network access controls, operating system software controls and the complexity of passwords.
Change Management Policy
PathQuest change management policy refers to a formal process for making changes to IT, software development and security services/operations.
Information Security Policy
PathQuest information security policies are typically high-level policies that cover a large number of security controls. This policy is designed for employees to recognize that there are rules that they will be held accountable to with regard to the sensitivity of PABS information and IT assets.
Incident Response (IR) Policy
The incident response policy is an organized approach to how PABS manages incidents and remediates their impact on operations.
Remote Access Policy
The remote access policy is a document which outlines and defines acceptable methods of remotely connecting to PABS internal networks.
PathQuest email policy is a document that is used to formally outline how employees can use the business’ chosen electronic communication medium.
Disaster Recovery Policy
The disaster recovery plan is part of the business continuity plan. If the event has a significant business impact, the Business Continuity Plan will be activated.
Business Continuity Plan (BCP)
The BCP describes how PABS will operate in an emergency.