RANSI follows global best practices when it comes to security processess and prctices with in the organization. RANSI follows BS7799, the international standard for information and physical security controls. Data protection is one of the key challenges, which RANSI has been able to address in a variety of different ways, suiting specific customer requirements. A robust, flexible and scalable internal IT infrastructure with risk assessment based security controls embedded at the design stage makes the Offshore development center experience manageable and secure.

RANSI has well defined and documented security policies, processes and guidelines in place for reasonable protection of Information in all the stages of the information life cycle and also for the offshore development centers. Our commitment for security, well documented processes, technological controls along with the continuous user awareness initiatives, constitute some of the critical factors for RANSI's security program.

Some of the domain areas which are reflected in RANSI's security policies are risk management, access control, legal compliance, offshore development security, virus prevention, asset management, business continuity management, and security incident management, and user awareness etc to name a critical few. Most of these are considered critical for enabling asafe comupting environment at RANSI.

Risk based approach is undertaken for designing and implementing controls on availability and security parameters for IT services and offshore business operations. Some of the salient features in this area include :

  • Assessment of IT and business level risks on a periodic basis in various levels in the organization.
  • Coverage of risks covering people, process and technology components.
  • Internal and external audits based continuous improvement program.
  • Security advisories and awareness communication to user community and business unit teams based on risk levels, real life incidents and severity of threats.
  • Risk management plans for various types of project life cycle models.

Industry standard access and authorization mechanisms for accessing crtical applications are deployed to protect data in addition to advanced controls such as encryption. Users are educated continuously on various threat factors and ways and means to adderss the issues for safeguarding intellectual property of RANSI and its customers. RANSI establishes secure mode of wide area connectivity with its customers to fulfill business requirements and customer/RANSI data is handled with utmost care including suitable backup mechanisms and fail safe storage in all RANSI locations. Various regulatory compliance aspects of RANSI's customers are given importance while designing specific customer based offshore development center solutions. Customer project teams back-up data on a periodic basis within their environment as per specific customer requirements and follow the plan as signed off in the business agreements with the customers.

Some of the physical security measures include imparting education on employee safety practices, constant patrolling of the premises, mandatory check of photo ID at entry, restrictions in visitor movements, and compulsory search of all incoming packages. All identified sensitive areas inside the RANSI premises are access controoled on a need to know and enter basis.

We have comprehensive network security, employee security, physical security, and incident response mechanisms in place.

Network Security:

Reliable & Fail-Safe
  • 99% network Uptime.
  • Built-in redundancies.
Offshore centers on client backbone
  • Secure dedicated channels between RANSI & Client.
  • Offshore centers insulated from internet and other networks.
  • Restricted access to RANSI's applications using firewalls.

Employee Security:

Security procedures explained during employee induction
  • Regular follow-up through mail, computer based training initiatives, web casts.
  • Confidentiality agreements between employee and RANSI at the time of induction.
Physical security
  • Offshore centers physically and logically insulated.
  • Offshore centers declared 'Restricted access'.
  • Centrally controlled electronic access.
Dedicated information security team focussing on
  • Information risk management.
  • Security infrastructure design and management.
  • Business continuity and disaster recovery planning.
  • Incident response - emergency response teams.
  • Security operations - 24/7 management & monitoring.
  • Specialists with various certifications like CISSP, CISA, CISM, PMP, MBCP, SANS etc in addition to various vendor based certification programs.

Incident Response:

Emergency Response Team (ERT)
  • ERT is an internal team of employees designed to respond to emergencies. All volunteers are trained in fire safety, First Aid and evacuation drill.
Security Emergency Response Team (SERT)
  • SERT brings in an organized incident response capability into RANSI's system and network security.
Employee Awareness
  • Regular awareness mailers to users based on variety of sources.
  • Customized incident notifications to users for preventive actions.
  • User awareness sessions provided by internal security experts and external faculty.