Overview

In times like the present, especially in the post- covid world, we are constantly shifting to the cloud, adapting to new technology on a regular basis, to expand our visibility. However, with the wide exposure comes one persistent question- How are we Secured?

We understand how valuable can the data be for you and your business, and hence, are aware of the gravity of a safe and secure environment.

KONDESK being a CRM platform for Edu-migration is bound to deal with a lot of data related to your clients, and we are aware of the significance of these data that you are entrusted with. Hence, we strive to get you covered with our company’s security provisions so that you can focus on leading a safe business and we take care of the safety of your data.

Organizational security

At KONZE, we have a dedicated team for asset and information security management which takes into account our security objectives and the risks and mitigations concerning clients as well as employees. As we defined a strict policy for data management, profile and password management. If there is any breach seen, we are always having our back up team ready with all the arrangement and preparation that makes sure that the issue is solved as quickly as possible. We employ strict policies and procedures encompassing the security, availability, processing, integrity, and confidentiality of customer data.

Employee background checks
Each employee undergoes a process of background verification. We have a compulsory step with the hardcoded application to confirm the background check of the employee. Our team is dedicated for this check and also the management keeps this on their priority. We do this to verify their criminal records, previous employment records if any, and educational background. Until this check is performed, we do not hire the candidate.

Strict offboarding process
Strict rules executed by the system has compulsory stage in offboarding in which, the client’s information like contact and project details are taken from the employee and the non-confidentiality agreement is signed. Also both the IT infrastructure team and department head confirms that the person has kept all the client as well as application data safe and secure.

Onboarding security
Each employee, when being onboarded, signs a confidentiality agreement and acceptable use policy, after which they undergo training in information security, privacy, and compliance – which is also the part of company policy and given to all as an employee handbook. Furthermore, we evaluate their understanding through tests and quizzes to determine which topics they need further training in by using the inhouse LMS. We provide training on specific aspects of security, that they may require based on their roles.

Continuous Training
We educate our employees continually on information security, privacy, and compliance in our internal community where our employees check in regularly, to keep them updated regarding the security practices of the organization. We also host internal events to raise awareness and drive innovation in security and privacy.

Continuous Monitoring
Any process can be executed perfectly only if it is being monitored on a continuous level. We at KONZE take the responsibilities seriously and have many managers in various functions who have such kind of monitoring under their roles and responsibility. Also, we are encouraging automation which is making the monitoring more effective which also takes the problematic event to be converted into actionable items rather than just a small notification.

Internal audit and compliance
As being an ISO 9001:2015 certified, audit is an important factor for us. We have a dedicated team to review procedures and policies to align them with policies, and to determine what controls, processes, and systems are needed to meet the policies. This team also does periodic internal audits and the top management also give their dedicated attention to it.

KONDESK Security Measures

“Built-In Security” for a KONDESK CRM application for customers.

• Authentication: KONDESK is supported with the authentication methods supported (e.g. password), and we have worked towards incorporating all the measures to eliminate the possibility of account hijacking (e.g. rate limiting, IP blocking).
• Role-based access control: The idea of Role-based Access Control (RBAC) conforms well with our intention of developing a secure space as it provides the users to limit access to the customer data based on their roles to maintain the integrity of the information available. This could include details about the different roles that are available (e.g. administrator) and the corresponding permissions associated with each role.
• Auditing and logging: We track and record all the actions in the form of logs which can track any required action from the user to monitor any change and also becomes helpful for restoring purpose. And also, we made sure to notify customers about the retention period for such data and also our transparent, robust and user-friendly policies for data access for regulatory compliance. Auditing and logging can be used to detect and investigate security breaches, compliance violations and suspicious activities. We also use it to track changes in the system configurations and provide evidence for any query or investigation as and when needed. 
• Security testing: Our dedicated Quality Analysis team is committed to give their best on various level of software testing using the latest methods. The process includes penetration testing, code reviews, feature wise testing and many more stages. The teams make sure that before the release at least twice it is been checked and the managers are also committed to the process.
• Compliance: Compliance in CRM applications requires a holistic approach that includes data privacy, security, retention, archiving and business continuity planning to ensure that organization meets legal and regulatory requirements while protecting sensitive customer data.  KONDESK meets relevant compliance standards and regulations for which our compliance and legal team always make a research and give their insights. We believe to be the best when it comes to additional security measures to meet industry-specific compliance requirements.  
• Monitoring: Along with the regular audits, we have dedicated stakeholders who monitor the applications frequently by logging in to the application on several levels. They try to detect any abnormal behaviour, incident response plan, security incident communication to the customers, stakeholders and regulatory bodies and make sure to report them to the HODs.
• Incident Response: We have made sure that our customer is having the easiest way to contact our support team at different level. It is informed to the client along with the guidance that how they can contact the support and also all the details we have kept available on our application. Our dedicated customer support team is always on stand 2 in case of any incident which had cause any trouble for client and our in-house team is streamlined on the same on high priority. We give our customer assurance of their data and keeping state-of-the-art infrastructure which will make sure to recover any data loss with a powerful backup and restore procedure. We do believe that ‘data is the new oil’ and we give the required importance to that.
• Regular updates and patches: The KONDESK is being updated on regular basis and the users gets all the updates without fail on timely manner. Address new security threats and vulnerabilities is always at our paramount priority.
• Network security: Our Network team is having the members who believe in strong rules and regulation to define as well as to follow it. Which has resultant the application to must have the SSL certification, may it be the client platform or the development environment – they get under a thorough scanning on various levels executed as a standard procedure. Our infrastructure includes all the standard recommendations like firewalls, intrusion detection/prevention systems, and VPNs. There are strong rules for the development team and data team as well to work on the database and servers by following a strict guidelines and secured environment recommended by the Network team.
• Host security: Here we have the course of action included to protect the servers and other infrastructure that host the CRM application, such as operating system hardening, antivirus/antimalware software, and regular software updates and patches.
• Database security: We know how the database plays a vital role as it is the storehouse of all the customer data, therefore we have put in place operations such as encryption, access controls, and regular backups to keep your data safe. We have made a strong access control Database System in which by using strict norms, only the valid, authenticated and specific people can access the database system for any operation. Besides, our system’s activities are continuously monitored and if there is anything unusual about any activity then disciplinary steps are taken as per our strong policy. To make the server network impenetrable by using the most recommended practice in the industry. As per our quality statement, we make sure just like all other platforms, our database software is regularly updated by recommended installations and patches to provide state-of-the-art infrastructure.
• Application security: We have put into This includes measures to protect the CRM application itself, such as input validation, authentication, and access controls.
• Disaster recovery and business continuity: We know and we understand that there are some situations out of our control. Hence, we have come up with security solutions for such events of disasters or outages so that important data can be recovered and business operations don’t get interrupted because of the lost data. We are using one of the best cloud infrastructure for our system and data, by which our team is able to bring the lost data in nominal time. 
• IAM (Identity and Access Management)
  • Authentication: To validate and be aware of who gets to use the CRM is vital to start with to maintain a safe space. Hence, this is the process of verifying the identity of a user. This can be done through a variety of methods, such as username and password, multi-factor authentication, or certificate-based authentication.
  • Authorization: The process is in place to determine whether a user is allowed to access a particular resource or perform a specific action, we have included role-based access controls, where users are assigned specific roles according to their job responsibilities with predefined permissions, or through fine-grained access controls, where permissions are assigned to individual users or groups of users.
  • Access management: Next, towards making a safe space, we have access management to limit and control access to resources, such as web applications, network devices, and data storage systems. This can be done through a variety of mechanisms, such as firewalls, VPNs, and web application gateways.
  • Identity management: This is the process of managing identities, such as creating, updating, and deleting user accounts. This can also include the management of permissions, such as assigning users to roles, and can also include provisioning and de-provisioning of resources.
  • Auditing and reporting: For the next step, we have the process of tracking and recording user actions and resource access attempts. This can be used for compliance and regulatory requirements as well as to troubleshoot any issues that may arise.
• Vulnerability Management: Vulnerability management is an essential aspect to maintain the security of a CRM application as it involves identifying, evaluating, and mitigating security vulnerabilities in the application and its underlying infrastructure and that we follow for KONDESK. Some of the key components of vulnerability management for a CRM application include:
  • Vulnerability scanning
  • Patch management
  • Risk assessment
  • Remediation
  • Continuous monitoring
  • Incident response plan