Information Security Management
Management is responsible for developing, implementing and enforcing information security and data protection requirements.
Our IT Operations team is comprised as follows. Please ensure that you reach out to the right person for your issues or queries:
- Hardware Specialist: Will take care of all the Hardware related issues (Laptops, Desktops, Printer, Biometric)
- Software Specialist: Will take care of all the Software related issues (Software updates, OS updates, Software downloads for project need, etc.)
- Network and Server Specialist: Will take care of all intranet related issues
- Internet Specialist: Will take care of all internet related issues
Our IT Operations members are CISM and CCSP certified. All employees must follow their recommendations to ensure that the security of the organization is not compromised in any way.
To promote security, awareness sessions will be taken every quarter for all employees on topics such as company security policies, their responsibilities to protect the confidentiality of information entrusted to them, the appropriate use of resources, using company laptop/internet/email, sharing company related news on public forums, etc. Personnel handling client platform credentials will be provided separate training to ensure that they do not share any client-related information with anyone.
Note: If any employee is found not adhering to the IT policy stated above, it will be regarded as a policy violation and will call for strict action including termination of service.
HR Background check process
Blue Flame Labs has a strict policy of verifying every candidate’s credentials before releasing the offer. Since you are a part of this organization, we would like to educate and inform you about the activities we undertake for background checks.
When a candidate is selected, HR first collects all the original Government certified IDs, Education certificates, Address Proofs and letters from previous organizations. HR then goes through all the documents and verifies whether the candidate has lied about any credentials and qualifications. HR also sends a person to check whether the address proof provided is valid and to enquire about any criminal and financial fraud records. HR also conducts a drug test and a psychometric test. HR also has discussions with previous organizations to understand the candidate’s behavior, attitude, longevity and job performance, both verbally and through written records. Once the candidate passes all the tests, HR releases the offer letter which, once signed, is legally binding with NDA and Confidentiality Breach agreement.
Information security policy
The Information Security Policy is designed to keep Blue Flame Labs and its employees secured from cyber threats. Periodic audits will take place every other month to ensure that the listed policies are being followed and to check that security is intact. Violation of any of the guidelines and policy might result in legal proceedings and termination of employment. The security policies are subject to change as we identify new threats every other month and revise the countermeasures for prevention of security breaches.
- Internet Use Policy: Internet usage for personal use (social media, personal emails only) from company provided laptops is strictly prohibited. The following list of activities are strictly prohibited to be performed on the company provided laptops and machines: online gaming, online shopping, streaming/downloading/storing porn, streaming/downloading movies/games/software/plugins/apps, torrent sites, clicking on suspicious links in emails, opening or downloading spam/suspicious attachments from email, etc. Company Internet and Wi-Fi should not be used for access from smart phones unless permitted. If found in violation of this policy, company is entitled to terminate the employee and take legal proceedings for compromising the security/performance of company data/asset.
- Anti-Virus Policy: All company laptops have been installed with an anti-virus software. Kindly refrain from downloading or installing any other anti-virus software package without consulting the IT operations. Additionally, the following guidelines should be followed:
- Never open mail from suspicious or unknown source
- Delete junk mail upon receipt
- Avoid downloads from unfamiliar sources
- Use of external hard drives, disks, pen drives, memory sticks, etc. is prohibited
Laptops will be monitored periodically by the IT operations team.
- Disaster Recovery: Periodic backups of the company data will be taken by the IT operations. Additionally, employees should take backup of their data and save it on company provided OneDrive (Microsoft Cloud) which can be accessed using official email id only (firstname.lastname@example.org).
- Email Policy: Web-based email use is strictly prohibited. Company provided laptops have Office365 suite installed. Email will be configured in Outlook by the IT Admin. Company provides quarterly sessions on “Email and Communication etiquettes” to be attended. Personal email will not be configured in Outlook.
Carrying out the following activities from company email is strictly prohibited:
- Use of email for pornographic or obscene use
- Abusive language to colleagues or clients
- Running personal business through company email or company resources
- Defamation of company character
- Password: Company has implemented periodic password change through Microsoft. If, when prompted, the password is not changed, your email account and all related apps will lock down and you will have to notify the IT Operations to reset your password. This password policy would require a password with a combination of alphanumeric, upper and lower case, special characters, and should be more than 8 characters. Previously used passwords cannot be used when setting up a new password. All company laptops have a security password that is required when downloading any application or software on the laptop. This password will not be given to any employee under any circumstances. If a software or application is a requirement for a project, please reach out to the IT team well in advance explaining the requirement and request for download.
- Remote Access: Company prohibits all remote access to company network from personal laptops or All project related work can be only performed on company laptops.
Data Protection / Confidentiality
Blue Flame Labs enters into confidentiality and non-disclosure agreements with their vendors, contractors, employees and clients to contractually safeguard personal and other confidential information belonging to Blue Flame Labs and/or given in the custody of Blue Flame Labs.
- All employees will abide by the business code of conduct of the company and will not undertake any work that competes with the nature of business of this company, nor can anyone indulge in any activities that conflict with the interests of this company. The employees should also maintain confidentiality about their duties and the work carried out by Blue Flame Labs.
- All employees will maintain privacy about the company, client names, client contacts, project details, and client’s data and will not disclose and take anything out of the premises without permission from the Management.
- The employees are not allowed to commit any act that in any way binds the company, and they shall not represent the company unless permitted in writing.
- Each employee should follow the directions and instructions of the management from time to time related to Data privacy.
- In the Microsoft Azure Intune Policy, we have blocked the sending of confidential emails to external IDs with a data labelling policy.
- As per design by Microsoft, you can sign in only with a corporate account in the MS Intune Company Portal App.
- As per device compliance policy company Overview of the phone which includes Device name, Serial number, Operating OS, Phone make and model, Service Provider, MAC address, Compliance Status, IMEI Number.
- Identify and segregate the number of users using different platform devices.
- MS Intune policies for each platform, e.g. iPhones, iPads, Androids, and Windows phones.
- Cut/Copy from Office 365 Applications (OneDrive, Exchange, SharePoint) is restricted on any non-domain joined / Personal device.
- Device compliance – policies we use to make devices compliant for iOS & Android.
Wireless and Remote Access
Use of wireless technologies (Bluetooth, AirDrop, etc.) to transmit any data is prohibited. Any data that needs to be shared should be shared via the company provided OneDrive (Microsoft Cloud).
Business Continuity and Disaster Recovery
All the applications that we use are on cloud. We do not use hardware servers to store any of the data on-site to safeguard ourselves from natural disasters or man-made disasters.
Network Room and Electrical Room are well conditioned with climate control and 24x7 backup power supply.
All emails, ERP applications, CRM, etc. are licensed versions bought from Salesforce, Microsoft and Google.
Every code that is written and deployed is saved at the client shared location on cloud for recovery.
Employee written code is tested twice, once by the Code Review Committee and once by the QA in supervision of the Project Manager to ensure that the code works as per client’s requirement before deploying it to live production.
Coding Best Practices sessions are given every alternate month to promote awareness on optimized coding.
We have tested a Disaster Recovery scenario where we checked our multi-factor authentication for all the applications. We also tested the access level security set based on roles of all the employees. Data deletion and recovery was done successfully because Super Admin credentials are always with the management to address “rogue” intentions of any employee including IT security staff. Compromise through Social Engineering was sabotaged because the applications are set to lockdown and can be reset only by the Super Admins (Management).
Regular backups are scheduled on a weekly basis where the Project Managers and Super Admins identify that the data is regularly backed up. Collective storage of the organization is 5000 GB and can be increased immediately when required. So far, 1785 GB of data is backed up.
Cyber Insurance Policy Protection
Blue Flame Labs has a Cyber Insurance Policy Protection that covers the following:
- Combined benefit of third-party (cyber liability) and first party (cybercrime expense) coverage
- Coverage for fraudulent or malicious acts by employees
- Privacy notification expenses coverage is triggered without a requirement for a claim or a regulatory requirement mandating the notification
- Covers Cyber hacking and cyber-attack incidents
- Disclosure Liability coverage extends to outsourced data processing and data storage services
- Broad definitions of "computer" and "system" address enterprise wide network exposure, including laptops, disk drives, backup tapes, and mobile devices.