Compliance

Nextlimit Services maintains fully HIPAA and HITECH compliant operations. The measures below are the controls adopted to meet the requirements of these data privacy and security standards.

1. PHYSICAL ACCESS
    • Controlled access restricted by biometric and proximity card systems

    • All employees are issued photo ID cards which they are required to wear at all times when they are within the facility premises

    • Regular review and periodic audits of access logs to check for unauthorized entry attempts

    • Access is granted on a least-privilege principle and configured on a per employee basis

2. SECURITY
    • Security personnel on 24-hour duty, posted at all entry and exit points of the facility

    • Logging of visitor details such as name, entry/exit time, contact person’s name, proof of ID, signature and reason for visit in a register kept for the purpose

3. MONITORING
    • CCTV monitoring, with recording, of all entry/exit points and the inside of the production floor

    • Random daily review of stored recordings by the security team

    • Recordings are retained in central DVR’s internal hard disk for 6 months and subsequently backed up to an external storage device

4. VENDOR ACCESS
    • Vendors are required to sign a confidentiality agreement before accessing sensitive areas such as the data/network centre and the power supply control room

    • Vendors are escorted and supervised at all times by an employee or by security personnel

5. MOBILE PHONE USAGE
    • Only authorized managers may use basic (non-smartphone) mobile phones within the premises

    • All other employees are required to deposit their phones in the locker box before entering the facility

6. PERSONAL BAGGAGE
    • No backpacks or bags of any kind are allowed on the production floor

    • All bags are required to be kept in the locker boxes placed outside the production floor

7. NETWORK AND APPLICATION USAGE
    • A domain directory service is used to assign each individual user a unique user ID; no shared logins are used

    • Access to storage devices is controlled using Domain Group Policy configured on a Windows-based domain

    • The password policy enforces maximum password age (change frequency), complexity, account lockout, minimum length and password history requirements

    • User access to shared drives is controlled using group policies

    • Access to USB or other mass storage devices is blocked on workstations

    • Access to printers is allowed to authorized employees only

    • No wireless access points are installed within the facility premises
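
The controls listed above are claims that an auditor or the security team can verify directly on the domain and on a workstation. The following PowerShell script is an added example, not Nextlimit's own tooling: it reads the default domain password policy and any fine-grained policies, lists enabled accounts exempt from password expiry, and checks the registry values that the "Removable Storage Access" Group Policy and the USBSTOR service use to block mass storage. The baseline thresholds in `$Baseline` are assumptions to be replaced with the documented policy; the checks require the RSAT ActiveDirectory module and local administrator rights.

```powershell
<#
 Added example (not Nextlimit's own code): audit a Windows domain and a
 workstation against the section 7 controls. Baseline values are assumptions.
#>
Import-Module ActiveDirectory -ErrorAction Stop

# Assumed baseline (hypothetical values; replace with your documented policy)
$Baseline = @{
    MinPasswordLength    = 12
    PasswordHistoryCount = 24
    MaxPasswordAgeDays   = 90   # "frequency": forced change interval
    LockoutThreshold     = 5
}

function Test-PasswordPolicy {
    $p = Get-ADDefaultDomainPasswordPolicy
    $f = @()
    if (-not $p.ComplexityEnabled) { $f += 'Password complexity is disabled' }
    if ($p.MinPasswordLength -lt $Baseline.MinPasswordLength) {
        $f += "MinPasswordLength $($p.MinPasswordLength) is below baseline $($Baseline.MinPasswordLength)"
    }
    if ($p.PasswordHistoryCount -lt $Baseline.PasswordHistoryCount) {
        $f += "PasswordHistoryCount $($p.PasswordHistoryCount) is below baseline $($Baseline.PasswordHistoryCount)"
    }
    # A MaxPasswordAge of zero means passwords never expire
    if ($p.MaxPasswordAge.TotalDays -le 0 -or $p.MaxPasswordAge.TotalDays -gt $Baseline.MaxPasswordAgeDays) {
        $f += "MaxPasswordAge of $($p.MaxPasswordAge.TotalDays) days is outside baseline"
    }
    # A LockoutThreshold of zero means accounts never lock out
    if ($p.LockoutThreshold -eq 0 -or $p.LockoutThreshold -gt $Baseline.LockoutThreshold) {
        $f += "LockoutThreshold $($p.LockoutThreshold) is outside baseline"
    }
    # Fine-grained password policies (PSOs) override the default for the groups they apply to
    Get-ADFineGrainedPasswordPolicy -Filter * | ForEach-Object {
        if ($_.MinPasswordLength -lt $Baseline.MinPasswordLength) {
            $f += "PSO $($_.Name) lowers MinPasswordLength to $($_.MinPasswordLength)"
        }
        if (-not $_.ComplexityEnabled) { $f += "PSO $($_.Name) disables complexity" }
    }
    return $f
}

function Test-PasswordNeverExpires {
    # Accounts flagged "password never expires" bypass the change-frequency control
    Get-ADUser -Filter 'Enabled -eq $true -and PasswordNeverExpires -eq $true' |
        ForEach-Object { "Enabled account exempt from password expiry: $($_.SamAccountName)" }
}

function Test-RemovableStorageBlock {
    # Registry values written by the "Removable Storage Access" Group Policy settings
    $base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
    $removableDisks = "$base\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"   # "Removable Disks" device class
    $f = @()
    $denyAll   = (Get-ItemProperty -Path $base -Name Deny_All -ErrorAction SilentlyContinue).Deny_All
    $denyRead  = (Get-ItemProperty -Path $removableDisks -Name Deny_Read -ErrorAction SilentlyContinue).Deny_Read
    $denyWrite = (Get-ItemProperty -Path $removableDisks -Name Deny_Write -ErrorAction SilentlyContinue).Deny_Write
    if ($denyAll -ne 1 -and -not ($denyRead -eq 1 -and $denyWrite -eq 1)) {
        $f += 'Removable storage is not denied by policy (neither Deny_All nor Deny_Read+Deny_Write is set)'
    }
    # Defence in depth: the USB mass-storage driver can also be disabled outright (Start = 4)
    $usbstor = (Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' -Name Start -ErrorAction SilentlyContinue).Start
    if ($usbstor -ne 4) { $f += "USBSTOR service Start=$usbstor (4 = disabled)" }
    return $f
}

$report = @(Test-PasswordPolicy) + @(Test-PasswordNeverExpires) + @(Test-RemovableStorageBlock)
if ($report.Count -eq 0) { 'All section 7 checks passed' } else { $report }
```

Run the domain checks from any domain-joined host with RSAT, and the removable-storage check on a representative production workstation after a `gpupdate /force`, since a policy that is defined centrally but not applied to the machine gives no protection. An empty `$report` is the evidence an auditor would file against the bullets above.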

8. FIREWALL
    • A Unified Threat Management (UTM) appliance is deployed to filter network traffic

    • Internet traffic is regulated using content filtering, URL filtering and application filtering

    • Traffic between Virtual LANs and from external networks is limited to explicitly mapped ports

    • The firewall denies all traffic between networks by default; only traffic explicitly allowed by port- and service-based rules passes

    • Network Address Translation (NAT) is enabled to hide internal server addresses; NAT conceals addressing but is not a substitute for the deny-by-default rules above

    • Firewall logs are retained for all traffic for 3 months and subsequently archived for 1 year

    • Intrusion Prevention (IPS) is provided by the UTM appliance

    • IPS signatures are updated continuously and the subscription is renewed annually

9. VPN (VIRTUAL PRIVATE NETWORK)
    • Site-to-site IPsec VPN tunnels are used to establish secure connections to client networks

    • Access to the internal network from outside is restricted to authorized employees via client-to-site VPN connections

    • Authorized employees are authenticated against the directory service's authentication service

    • Site-to-site VPN tunnels are restricted to the peer gateway IP addresses configured on both the facility's and the client's firewalls

10. REDUNDANCY MANAGEMENT
    • A fully redundant network stack is maintained

    • Two ISP links are configured in active-active mode

    • Power backup is supplied by a 130 kVA UPS and a 750 kVA diesel generator

    • All server and network systems are additionally backed by a 22 kVA rack-mounted UPS

11. VIRUS & MALWARE PROTECTION
    • A centrally managed anti-malware system is deployed to protect against viruses and other malware

    • Virus definitions and security patches are updated automatically

    • Additional protection against external malware is provided by the gateway firewall

    • A centralized operating system patch management server ensures that critical updates and security patches are applied to all systems

12. OTHER SAFETY MEASURES
    • Fire extinguishers are placed at all key areas within the premises

    • Half-yearly fire drills are conducted to test the effectiveness of fire safety protocols