Security & Compliance — Enterprise-Grade Protection
CERT-IN certified, ISO 27001 compliant. Your admission data is protected by industry-leading security standards.
Certifications & Compliance
CERT-IN Certified
Software security certified by India’s national cybersecurity agency (CERT-IN).
ISO/IEC 27001:2013
Information Security Management System (ISMS) certified.
PCI DSS Level 1
Payment processing via Razorpay — no card data on your servers.
DPDP Act 2023
Compliant with India’s Digital Personal Data Protection Act.
GDPR Ready
Data export, deletion requests, and consent management.
Indian IT Act 2000
Compliant with electronic records and data protection requirements.
🔒 Data Encryption
AES-256 at Rest
All sensitive data and documents encrypted with AES-256.
TLS 1.2+ in Transit
All communications secured with TLS 1.2+.
Bcrypt Passwords
Passwords hashed with bcrypt (min 12 rounds) with salt.
File Encryption
Uploaded documents encrypted in storage with access-controlled decryption.
👥 Access Control & Authentication
Role-Based Access (RBAC)
Granular permissions for Super Admin, Institution Admin, Department Admin, Finance Officer, and Applicant roles.
Multi-Factor Auth (MFA)
OTP-based MFA for admin users.
Session Management
JWT-based tokens with configurable expiry. Secure invalidation on logout.
Account Lockout
Auto-lock after 5 failed login attempts with 30-minute cooldown.
💻 Application Security
SQL Injection Prevention
Parameterized queries via ORM.
XSS Prevention
Input sanitization and Content Security Policy headers.
CSRF Protection
Anti-CSRF tokens for all state-changing operations.
File Upload Security
MIME type validation, extension verification, and malware scanning.
Rate Limiting
Per-IP and per-user limits to prevent brute-force attacks.
WAF Protection
Web Application Firewall for DDoS and attack prevention.
📊 Audit & Monitoring
Comprehensive Logging
Every action logged: logins, data changes, document access, payments, role changes.
Real-Time Monitoring
Prometheus + Grafana for performance and security monitoring.
Error Tracking
Sentry for real-time error detection and alerting.
Data Masking
Sensitive fields (Aadhaar, mobile) masked in UI and logs.
☁️ Infrastructure Security
Cloud-Native
Containerized application with auto-scaling and high availability.
Daily Backups
Automated database backups with cross-region replication.
Disaster Recovery
RPO of 1 hour, RTO of 4 hours.
99.9% Uptime SLA
Guaranteed availability during critical admission periods.
Have Security Questions?
Contact our team for a detailed security overview.
Address
Office No. C2-501/502, Saudamini Complex, Survey Number- 101, 1, Kothrud, Maharashtra 411038
Copyright © Splashgain Technology Solutions Pvt Ltd 2023