Security Policy
Effective Date: 24th March 2025
At Evaca, we are deeply committed to safeguarding the security of your data and ensuring that our systems are robust, resilient, and capable of protecting against evolving cyber threats. This Security Policy outlines the measures, practices, and procedures we follow to maintain the confidentiality, integrity, and availability of your information and to ensure the security of our services.
1. Data Protection and Confidentiality
Evaca implements strict security measures to protect all information that we handle, including personal, financial, and business data. Our approach includes:
Data Encryption: All sensitive data is encrypted both in transit and at rest using industry-standard encryption methods.
Access Control: We enforce strict access controls to ensure that only authorized personnel can access sensitive data. Role-based access controls (RBAC) are implemented across all systems to minimize the risk of unauthorized access.
Data Minimization: We collect only the minimum amount of personal data necessary for providing our services and complying with regulatory requirements.
2. System Security
We maintain secure systems and infrastructure to protect against data breaches, hacking, or other unauthorized access. Key system security measures include:
Firewalls and Intrusion Detection: We utilize advanced firewalls and intrusion detection systems (IDS) to detect and block unauthorized access attempts in real time.
Regular Vulnerability Scanning: Our systems are regularly scanned for vulnerabilities and patched so that they stay up to date with the latest security updates.
Multi-Factor Authentication (MFA): We require multi-factor authentication for access to critical systems and data to add an extra layer of security.
3. Incident Response and Management
In the event of a security incident or data breach, Evaca follows a well-defined incident response plan to ensure quick and effective action. Our process includes:
Incident Identification: We continuously monitor systems for unusual activity and potential threats to detect incidents as early as possible.
Incident Containment: We act swiftly to contain the incident and minimize damage by isolating affected systems or networks.
Investigation and Remediation: Our team conducts thorough investigations to determine the cause of the incident and implements corrective actions to prevent recurrence.
Notification: If a breach involves sensitive personal data, we notify affected individuals and relevant authorities as per applicable legal requirements.
4. Compliance with Regulatory Requirements
Evaca is committed to complying with all relevant data protection and cybersecurity regulations, including:
General Data Protection Regulation (GDPR): We follow GDPR guidelines for data protection and privacy for individuals in the European Union.
Health Insurance Portability and Accountability Act (HIPAA): We comply with HIPAA to protect the privacy and security of health information.
Payment Card Industry Data Security Standard (PCI DSS): We adhere to PCI DSS requirements for the protection of payment card data.
Other Industry Standards: We follow other relevant industry standards and local laws to ensure regulatory compliance.
5. Security Awareness and Training
We recognize that human error can be a significant security risk, so we provide ongoing security awareness training to all employees and contractors. The training includes:
Phishing Awareness: Educating staff on how to recognize and avoid phishing attacks.
Data Handling and Privacy: Best practices for handling and securing sensitive data.
Security Best Practices: Training on secure password management, safe internet use, and identifying common security threats.
6. Third-Party Security and Vendor Risk Management
We understand that the security of third-party vendors and partners is critical to the overall security of our services. Evaca conducts comprehensive security assessments for third-party vendors to ensure they meet our security standards. These assessments cover:
Security Audits: Regular audits to assess the security posture of third-party vendors.
Contractual Obligations: We ensure that all third-party contracts include provisions for data protection, security requirements, and compliance with relevant regulations.
7. Business Continuity and Disaster Recovery
Evaca has a comprehensive business continuity and disaster recovery (BC/DR) plan in place to ensure that operations can continue and data can be restored in the event of a disruption. Our BC/DR plans include:
Regular Data Backups: We maintain secure, encrypted backups of critical data and systems to ensure data can be recovered in case of a disaster.
Failover Systems: Redundant systems are in place to minimize downtime in the event of a system failure.
Incident Response Drills: We regularly test our business continuity and disaster recovery plans through simulated incidents to ensure readiness.
8. Security Governance and Risk Management
Evaca continuously monitors and assesses security risks to ensure that our security posture evolves in response to emerging threats. We employ a structured risk management approach that includes:
Risk Assessments: Regular risk assessments to identify, assess, and mitigate security threats and vulnerabilities.
Security Governance Framework: A comprehensive security governance framework to oversee our cybersecurity efforts and ensure alignment with industry best practices.
9. Continuous Improvement
We are committed to the continuous improvement of our security measures. This includes:
Security Audits: Regular internal and external security audits to ensure the effectiveness of our security controls.
Feedback Loop: We collect feedback from employees, clients, and stakeholders to improve our security practices.
10. Contact Us
If you have any questions regarding our security practices or need further information, please don’t hesitate to reach out to us:
Evaca Cybersecurity
Email: contact@evaca.in
Website: www.evaca.in
We are dedicated to maintaining the highest standards of security to protect your information and our systems. Thank you for trusting Evaca with your cybersecurity needs.
By using our services, you agree to the terms outlined in this Security Policy. We reserve the right to update this policy as needed and will post any changes on this page.