info@metroleads.com
US: +1 310-634-1144 India: +91-86260 31010
GET A DEMO

    We Are Engineers. We Are Innovators. We Are Creators.

    About   |   Partners   |  Careers   |   Blog   |    Contact

    Security Policy

    At MetroGuild, we understand that securing and protecting your data is the most important responsibility we have. We are following organization wide processes to ensure that we fulfil the responsibility of securing your data. The following areas will give you a more insights of the systems we have put in place :

    Application Security

    At Metroleads, we take an integrated approach to application security, to ensure everything from engineering, deployment including architecture and quality assurance processes complies with our highest standards of security. Metroleads application and services are hosted on Amazon Web Services across 5 regions. The infrastructure for databases and application servers is managed by AWS .

    Application Architecture

    The application is initially protected by AWS’s firewall which is equipped to counter regular Distributed Denial-of-Service (DDoS) attacks and other network related intrusions. The second layer of protection is a web application firewall (WAF) which monitors against offending IPs, users and spam. While the application can be accessed only by users with valid access IDs, it should be noted that security in cloud-based products is a shared responsibility between the company and the businesses who own those accounts on the cloud. In addition to making it easy for administrators to enforce industry-standard password policies on users, our products also come with business data security features on the cloud:

    Under Metroleads, each customer has a separate database, and we ensure that the code always fetches the data that belongs to only the logged in user. Per this design, no customer has access to another customer’s data. Access to the application by the Metroleads development team is also controlled, managed and audited . Access to the application and the infrastructure are logged for subsequent audits with AWS.

    Physical Security

    The Metroleads development centre in Pune is under 24×7 physical security protection. Only authorized personnel have access to the building and offices. Employees are granted access to the office only after authorization using biometric authentication. Important documents are stored in cabinets accessible only to authorized persons. The office is equipped with surveillance cameras and its images are regularly monitored by authorized persons. A policy has been implemented to approve and regulate visitor access to the building. The office is provided with 24×7 power supply, supported by an alternative uninterrupted power supply system to ensure smooth functioning in the event of power failure. Metroleads hosts its application and data in Amazon Web Services, whose data centres have been thoroughly tested for security, availability and business continuity.

    Application Engineering and Development

    We follow secure software development lifecycle, where security testing is part of development, testing and pre-release acceptance.

    Software Changes and Release Management

    Production deployments are only done by authorized Dev-ops team members, and nobody else has access to our production environment. Changes in our production environment follow a very well-defined, systematic process from development and test environments to verifying the changes finally on staging before production deployment.

    Data Security

    Metroleads takes the protection and security of its customers’ data very seriously. Metroleads manages the security of its application and customers’ data. The Metroleads development team has no access to data on production servers. Changes to the application, infrastructure, web content and deployment processes are documented extensively as part of an internal change control process. Metroleads takes the integrity and protection of customers’ data very seriously.

    Data at rest is encrypted using AES-256 bit standards (key strength – 1024) with the keys being managed by AWS Key Management Service. All data in transit is encrypted using FIPS-140-2 standard encryption over a secure socket connection for all accounts hosted with us. Different environments are in use for development and testing purposes, access to systems are strictly managed, based on the principles of need to do/know basis appropriate to the information classification, with Segregation of Duties built in, and reviewed on a quarterly basis.

    HIPAA Compliant

    The certification is applicable across the entire Metroleads products and cloud services.

    Data Deletion

    When a customer account with Metroleads is terminated, we ensure that all their data is handed over to the customer and then deleted cleanly.

    Network Security

    The Metroleads office network where updates are developed, deployed, monitored and managed is secured by industry-grade firewalls and antivirus software, to protect internal information systems from intrusion and to provide active alerts in the event of a threat or an incident. Firewall logs are stored and reviewed periodically. Access to the production environment is via SSH and remote access is possible only via the office network. Audit logs are generated for each remote user session and reviewed. Also, the access to production systems are always through a multi-factor authentication mechanism. Our data centres are hosted in AWS are HIPAA compliant.

    Reporting issues and threats

    At Metroleads we take the protection of our customer’s data very seriously. If you have found any issues or flaws impacting the data security or privacy of Metroleads users, please write to secure.ml@metroleads.com with the relevant information for a faster resolution. We ask that you do not share or publicize an unresolved vulnerability with/to third parties.

    Public Disclosure Policy

    By default, this program is in “PUBLIC NONDISCLOSURE” mode which means: “THIS PROGRAM DOES NOT ALLOW PUBLIC DISCLOSURE. ONE SHOULD NOT RELEASE THE INFORMATION ABOUT VULNERABILITIES FOUND IN THIS PROGRAM TO PUBLIC, FAILING WHICH SHALL BE LIABLE FOR LEGAL PROCEEDINGS!”

    **We may modify the terms of this program or terminate this program at any time.