Security Statement
For USR INFOTECH
Introduction
At USR INFOTECH Solutions Pvt. Ltd., we understand the critical importance of securing our clients’ data—especially in the HR and performance management domain. Our security framework is built to protect the confidentiality, integrity, and availability of information entrusted to us by our reseller partners, their end clients, and users worldwide.
1. Platform & Data Security
We employ enterprise-grade security measures to ensure data protection across our white-label HR platforms:
Encryption: All data is encrypted in transit (TLS 1.2+) and at rest using AES-256.
Access Control: Role-based access, MFA (Multi-Factor Authentication), and IP restrictions where applicable.
Data Isolation: Tenant-wise logical data separation to support secure white-label deployments.
Secure APIs: Token-based authentication for third-party integrations and API access.
2. Infrastructure Security
Hosting: Platforms are hosted on ISO 27001, SOC 2 Type II certified cloud infrastructure (e.g., AWS, Azure, Hertzner, Google or region-specific data centers).
Geo-Flexibility: Support for regional data hosting in compliance with country-specific regulations like GDPR, DPDPA (India), or GCC privacy laws.
Redundancy & Backup: Daily automated backups and disaster recovery mechanisms ensure business continuity.
3. Application Security
Secure Development Lifecycle (SDLC): Security testing is part of every phase of our software development.
Vulnerability Management: Regular code reviews, static code analysis, and third-party vulnerability assessments.
Penetration Testing: Annual third-party pen tests and frequent internal security scans.
Patch Management: Timely updates and security patch deployments across systems.
4. Compliance Readiness
Our systems and operations align with global security and privacy standards:
ISO/IEC 27001:2022, GDPR, and SOC 2 Type II alignment
Data Processing Agreements (DPA) available to partners
Regional compliance readiness: UAE, Saudi Arabia, India, and EU requirements
5. User & Admin Controls
Audit Trails: Detailed logs of user activity to monitor platform use and detect anomalies.
Granular Permissions: Admins can define access rights, workflows, and approvals per module or user role.
Session Management: Auto logout, device restrictions, and login alerts are available for enhanced user security.
6. Partner & Client Responsibilities
While we provide secure infrastructure, we also encourage partners and clients to:
Implement secure password policies and periodic user access reviews
Train users on phishing awareness and device hygiene
Report any security concerns immediately to our support team
7. Reporting Security Issues
We take security vulnerabilities seriously. If you discover a potential issue or concern, please report it responsibly to:
📧 security@usrinfotech.com
Subject Line: “Security Concern – [Your Organization Name]”
8. Continuous Improvement
Security is a continuous journey. We proactively monitor emerging threats, update policies, and enhance platform resilience to keep ahead of risks.
