Security, IT and Infrastructure
Working in Accordance with Global Standards of Information Security and Data Protection
Global standards of information security and data protection.
ISO 9001 : 2015- This certification is meant for international standard for quality management system. The company with this certification is guaranteed to meet the required standard of- o Customer Focus o Leadership o People Engagement o Process Driven Approach o Process Improvement o Evidence Based Decision Making o Relationship Management
ISO 27001 : 2013- Having this certificate specifies that the company is compliant with the international standard for Information Security Management System. With this certification, PABS matches the requirement of- o Information Security Policies o Physical Security o Environmental Security o Asset Management o Compliance These are audited annually and are recertified every 3 years.
To meet the standards of mentioned category, PABS has implemented the below measures including-
Access Control Systems
Continuous review and improvement
We have implemented the below to meet our physical infrastructure objectives.
Fixed office and workstation for every employee
24/ 7 surveillance through CCTV cameras
Necessary fire safety equipment in place.
Mobile phone restriction
No cell phones allowed on the floor. Cell phones stored in the lockers outside the office.
Access Control Systems
Entry to every floor restricted only to employees stationed at the particular floor through biometrics access control
Restriction on printing of documents
Access granted to team leads and above
- Desktop and other technology infrastructure in place with latest configuration
- Computers and other equipment scraped and replaced every three to four years
- Dual leased line internet links to ensure 100% uptime.
- PathQuest facilities have multiple backups through UPS (Uninterrupted Power Supply) systems and diesel generators.
- Phone Communication: CloudPBX (Ring Central)
- 24/ 7 IT support Help desk management system
- Software used like Remote PC, Zoom, Go to Meeting, Microsoft Teams
- Taxation Software: Drake, ProFx, Pro Series, Lacerte
- Accounting Software: QuickBooks Desktop, QuickBooks Online, XERO, SageIntacct etc.
- Disabled DVD drives & external drives
- Star Topology Network
- Secured workstations with password. Mandatory password change policy after 30 days
- Centralized control for enterprise resources, change control, access control and configuration management to avoid interruption in customer service delivery
- Implementation of clear desktop/desk policy
- Limited access to communication channels such as chat tools, public emails etc.
- Periodic audits for threats determination and implementation of relevant steps to avoid them
- Storage only on central storage
- Content filters and anti-virus network perimeter
- IDS/IPS monitoring of network perimeter.
- Data Loss Prevention
- Network scans and penetration test
- Email monitoring by compliance officer
- Single time source and unified logging of events
- Vulnerability process audits
- External audits
- Application Audits
Security Control Policies
SSL VPN for employees to Work from Home
Website Filtering and Content Filtering on Firewal
Password protected systems
Group Email ID by Client
Folder rights based on client allotment
Internet browsing limitations by firewal
Whitelisting domain – only authorized person to send email(s)
No USB access or cell phone access
No office Wi-Fi accessibility on cell phone
Access to Client’s data and Server
Access to Client’s server in secured environment through VPN / Secured RDP / Citrix
Access for Client’s data to only those users who are working on the client’s account
Restricted user profile for the users based on their roles
Password-protected Accounting System
User role-based Accounting System right
Satisfied PABS clients preferring to send the documents to PABS team through dedicated Group e-mail ID, dedicated fax number or Secured FTP
Data Security Measures
Establish strong passwords
Defining strong password through combination of capitals, lower-case letters, numbers, and symbols.
Implementation of firewall for network protection. Firewalls policies are intentionally configured to control incoming and outgoing internet traffic within PABS network.
Antivirus and anti-malware implemented in place to protect company data. It helps to prevent, search for, detect and remove viruses but also adware, worms, trojans, and so on.
Secure every device
All computers are regularly patched and updated by centralized update server.
Deployment of disk level encryption across company devices to encrypt all the data thus ensuring the inaccessibility of data without entering the correct password.
Schedule backups on defined frequency as per data backup policy.
Educate employees about Data Security
Providing regular training to PABS employees about data security awareness.
PathQuest Security Program (Policies and Procedures)
Acceptable Use Policy
This policy stipulates the constraints and practices that an employee using organizational IT assets must agree to in order to access to the PathQuest network or the internet. It is standard onboarding policy for new employees.
Access Control Policy
This policy is to define access available to employees in regard to PathQuest data and information systems. This Policy includes access control standards and Implementation Guides. This policy has standards for user access, network access controls, operating system software controls and the complexity of passwords.
Change Management Policy
PathQuest change management policy refers to a formal process for making changes to IT, software development and security services/operations.
Information Security Policy
PathQuest information security policies are typically high-level policies that covers a large number of security controls. This policy is designed for employees to recognize that there are rules that they will be held accountable to with regard to the sensitivity of the PathQuest information and IT assets.
Incident Response (IR) Policy
The incident response policy is an organized approach to how the PABS manages incident and remediate the impact to operations.
Remote Access Policy
The remote access policy is a document which outlines and defines acceptable methods of remotely connecting to PathQuest internal networks.
PathQuest email policy is a document that is used to formally outline how employees can use the business’ chosen electronic communication medium.
Disaster Recovery Policy
Disaster recovery plan as part of the business continuity plan. If the event has a significant business impact, the Business Continuity Plan will be activated.
Business Continuity Plan (BCP)
BCP Plan describe how the PathQuest will operate in an emergency.