Security & Compliance at Sigosoft
Security, confidentiality, and reliability are integral to how Sigosoft designs and delivers technology solutions. Our security approach is based on documented processes, risk management, and continuous oversight - not ad-hoc controls.
This page summarizes how information security is governed at Sigosoft and the standards that guide our practices.
ISO/IEC 27001:2022 Certified
Sigosoft Private Limited has been independently assessed by QRO and certified compliant with ISO/IEC 27001:2022.
Certified Scope:
Our ISMS applies to:
The design, development, testing, deployment, maintenance, and support of web applications, mobile applications, cloud-based software solutions, data analytics platforms, and IT consultancy services - including the management of client data, internal business information, and supporting infrastructure.
Certification is maintained under a formal Statement of Applicability and is subject to periodic surveillance audits.
ISO 27001 certification requires structured governance, documented controls, and evidence that those controls are consistently implemented and reviewed. Compliance is verified independently and reassessed regularly.
Information Security Governance
Our ISMS is aligned with ISO/IEC 27001:2022 requirements and includes:
- Risk identification, assessment, and treatment
- Defined security objectives and performance monitoring
- Documented operational and technical controls
- Internal audits and management reviews
- Continual improvement processes
Security responsibilities are clearly assigned and recorded across the organization.
Confidentiality & NDA Practice
Confidentiality obligations are established before sensitive information is shared.
- NDAs are executed prior to access
- Client information and intellectual property remain confidential
- Information is only shared externally with written authorization
Access Control
Access to systems and data is limited, reviewed, and revoked when no longer required.
- Least-privilege, role-based access
- Authorization workflows
- Periodic access reviews
- Immediate revocation on role change or exit
Only authorized team members can access client systems or data. All privileged actions are traceable and accountable.
Cloud & Infrastructure Security
For solutions deployed on cloud platforms (AWS, GCP, Azure), controls include:
- Identity and access management
- Encryption of data at rest and in transit
- Segregated development, staging, and production environments
- Secure network segmentation and firewall policies
Configurations are reviewed periodically against documented procedures.
Employee Security
All personnel with access to systems or information are expected to follow established policies.
- Initial and recurring security awareness training
- Secure device usage guidelines
- Monitoring of privileged access
- Defined acceptable-use expectations
Backup, Continuity & Recovery
To support availability and resilience:
- Automated backups
- Secure storage locations
- Documented disaster recovery procedures
- Scheduled recovery testing
These measures reduce downtime risk and support data integrity.
Vulnerability & Technical Assurance
Security posture is reviewed proactively.
- Planned vulnerability assessments
- Secure code reviews
- Dependency/configuration checks
- Tracked remediation processes
Findings are documented and addressed within defined timelines.
Secure Development Practices
Security considerations are integrated into the development lifecycle.
- Secure coding standards
- Peer review controls
- Managed CI/CD deployment pipelines
- Hardened environments
Systems are evaluated against security controls prior to release.
Regulatory & Industry Alignment
The ISMS supports projects operating in regulated and data-sensitive environments, including:
- Healthcare and telemedicine platforms
- Enterprise SaaS
- Fintech and payment systems
- Fintech-related solutions
- Data analytics applications
Controls are adjusted based on contractual, legal, and risk requirements.