Security Policy / Information Protection Policy

Last Updated: May 14, 2025

At Varenya Softech Private Limited, we are committed to safeguarding the confidentiality, integrity, and availability of the data entrusted to us — both our clients’ and our own. This Security Policy outlines the principles, controls, and responsibilities we follow to protect information assets across our systems and services.

1. Our Commitment to Information Security

We adhere to industry best practices, regulatory frameworks, and globally recognized standards such as:

  • ISO/IEC 27001 (Information Security Management)

  • NIST Cybersecurity Framework

  • Indian IT Act, 2000 and its amendments

  • GDPR, where applicable

2. Scope of Policy

This policy applies to:

  • All employees, contractors, and third-party vendors

  • All digital platforms, infrastructure, cloud services, and data storage under our control

  • All client data processed, stored, or transmitted through our services

3. Key Security Practices

🔐 Data Protection & Encryption
  • All sensitive data is encrypted at rest and in transit using industry-standard algorithms (e.g., AES-256, TLS 1.3).

  • Personal and client data is access-controlled and stored in secure environments.

👥 Access Control
  • Role-based access control (RBAC) is enforced across all systems.

  • Access to information is granted strictly on a need-to-know basis.

🛡️ Network & Infrastructure Security
  • Firewalls, intrusion detection systems (IDS), and real-time monitoring tools are deployed.

  • Cloud and on-prem infrastructure are hardened with regular patching and vulnerability assessments.

🧠 Employee Awareness & Training
  • All employees undergo mandatory cybersecurity and data privacy training.

  • Periodic refresher courses and phishing simulation drills are conducted.

🧾 Vendor Risk Management
  • All third-party vendors and partners undergo security due diligence.

  • Data processing agreements and NDAs are in place.

4. Incident Detection & Response

We maintain an active Security Operations Center (SOC) and have:

  • A defined Incident Response Plan (IRP) for cyber threats

  • Real-time alerting and 24/7 monitoring of security events

  • A breach notification protocol in accordance with regulatory requirements

5. Business Continuity & Disaster Recovery

Varenya Softech maintains:

  • A documented Business Continuity Plan (BCP)

  • Data backup systems with encrypted replication and disaster recovery processes

  • Regular testing of contingency plans

6. Client & Project Confidentiality

We understand the sensitivity of client data and projects, especially in KPO and analytics.

  • Client data is isolated and protected through logical and physical controls.

  • All employees and project personnel are bound by non-disclosure agreements (NDAs).

7. Compliance Monitoring & Audits

We regularly:

  • Conduct internal and third-party audits

  • Review and update policies in line with new threats, technologies, and legal standards

  • Maintain compliance documentation and logs

8. Contact Us

If you have any questions or concerns about our security practices, or if you believe your data has been compromised, please contact our Data Security Team:

Varenya Softech Private Limited