Information Security & Privacy (ISP) Policy

Sentient360 (S360) is a software development company specializing in customized application development. At S360, we are dedicated to delivering high-quality, secure, robust, and reliable software that not only meets the needs of our clients but also prioritizes security. Our commitment to information security best practices is an indispensable part of our culture and operations. We firmly believe that by integrating security into every stage of development, we not only protect our clients' interests but also contribute to a more secure digital environment. We uphold the highest standards of information security and privacy to protect the data entrusted to us by our clients, partners, and employees. Our commitment to safeguarding information is an essential part of our core values.

Information Security Commitment

  • Data Protection: We diligently protect the confidentiality, integrity, and availability of sensitive information against unauthorized access, disclosure, alteration, and destruction.
  • Compliance: We strictly adhere to all relevant data protection and privacy laws and regulations, continuously monitor updates, and promptly adapt to ensure compliance.
  • Education & Training: We invest in continuous education, training and awareness programs for our team to ensure that they comprehend the significance of information security and their role in preserving it, while making sure they stay up to date with the latest cyber threats and best practices in secure coding.
  • Risk Management: We regularly assess risks to our software and data assets and implement robust safeguards to mitigate potential vulnerabilities.
  • Access Control: We leverage stringent access control measures, granting permissions on a need-to-know basis, and implementing strong authentication methods.
  • Incident Response: We maintain a robust incident response plan to swiftly and effectively manage security incidents, including potential data breaches.
  • Data Retention: We retain data only for the necessary period for the intended purpose and dispose of it securely when it is no longer required.

Privacy Commitment

  • Transparency: We are committed to transparency regarding data collection and utilization, and to providing individuals with control over their data.
  • Consent: We ensure explicit and informed consent when gathering personal data, and individuals have the right to withdraw their consent.
  • Data Minimization: We strictly limit data collection and processing to what is essential for the intended purpose.
  • Data Subject Rights: We respect individuals' rights to access, rectify, or delete their personal data upon request.
  • Third-Party Data: We ensure third-party data processors adhere to high standards of data protection and privacy.

Secure Coding Commitment

  • Code Reviews: We are committed to transparency regarding data collection and utilization, and to providing individuals with control over their data.
  • Testing: We perform comprehensive security testing, including penetration testing and vulnerability scanning, to detect and remediate potential security issues before deployment.
  • Security by Design: Security is integrated into our development process from the design phase, making it an inherent part of our software's DNA.
  • OWASP Guidelines: We adhere to the OWASP (Open Web Application Security Project) guidelines and other industry best practices to implement secure coding and mitigate common vulnerabilities such as SQL injection, cross-site scripting, and others.
  • Secure Development Tools: We utilize state-of-the-art tools and technologies that facilitate secure coding, code analysis, and automated security checks.
  • Third-Party Components: We carefully evaluate and monitor third-party components and libraries to ensure they meet our strict security standards.

Accountability

Our commitment to the security and privacy of information is integral to our operations as a software development company. It is vital for maintaining the trust of our stakeholders and clients. Every member of the S360 team, including employees, contractors, and partners, is responsible for upholding this policy. Violations of this policy may result in disciplinary action, including termination of employment or contract. This Information Security and Privacy Policy is reviewed regularly and updated as needed to adapt to evolving technologies and changing standards and regulations.