Security Policy

Physical Security

RAS Legal's physical security measures are designed to protect RAS Legal from any act that can cause loss or harm to the employees, IT systems, data or intellectual property of RAS Legal or its clients. These procedures protect RAS Legal against any possible damage from acts of theft, fire, or other causes.

The measures include:

Controlled and secure access (24x7) to the Acumen Delivery Team operations floor
Each person must report to the security desk before entering the operations area. Visitors and other people are allowed in the operations area only if accompanied by a senior manager and after obtaining due permission from the security desk. A log of each person entering or leaving the operations floor is maintained 24x7.


Authorized access to data center
Access to sensitive places like the data center is strictly monitored, and only authorized personnel like database administrators can access the center.

Carrying Handbags/Notebooks not allowed
Employees are instructed to leave any handbags/notebooks at the security desk and are not allowed to carry them inside the premises. For processes involving sensitive information like credit card numbers, bank account numbers and personal records, the rules are strictly adhered to and implemented.

Movement of IT hardware
Our center is bonded, i.e. movement of hardware and media is strictly regulated under the Software Technology Park Authority, a national government body of India. Requisite permissions and log files ensure tracking of all hardware equipment and storage media.

Around-the-clock security
24-hour security of the building and our premises ensures protection against thefts. Our premises conform to all fire safety standards set by State laws.

Systems

In order to eliminate any vulnerabilities that may arise from our offshoring model, our delivery partner, Acumen Legal Services, has set forth a comprehensive set of measures to ensure a smooth business operation. RAS Legal has taken adequate security measures to safeguard both RAS Legal's and the customer's interest. The data security measures taken by RAS Legal & Acumen are briefly listed below:

VPN Support
RAS Legal encourages use of a VPN connection with its clients. This enables your assigned Delivery team to work remotely on the client's systems, minimizing the need for file transfer to our servers and thus reducing security issues.

Encryption using firewall for data transfer
Data transfer is carried out through firewalls, by which data is encrypted at the source, travels through the VPN and is then decrypted at the destination. The corporate firewall of the Delivery team is a dedicated system sitting between our private network and the Internet.

The firewall runs Red Hat Linux 7.1 with kernel 2.4. It uses Netfilter (IPTables) and network address translation facilities. The default policy is "DENY" for traffic from the external world to the internal network. This safeguards data from being accessed by external systems.

Password authentication
User identification with a password is required for using a desktop computer and all network resources. A desktop computer is assigned to every employee, with separate logins for each user. A monthly password change is enforced, and periodic audits of user accounts are carried out. Employees given corporate email accounts follow guidelines for email usage, and usage is monitored closely to ensure account misuse does not occur. Detailed activity logs are created and saved for all desktop computer workstations and servers.

Data Backup
Frequent data backups are made on the server and on writable media like CDs or magnetic tapes. The frequency of updates is process-dependent. Local caching of reports on desktops is strictly forbidden.
A policy for data security defines the procedure, frequency, and scheduling of backups. Integrated backup management software facilitates this process. The backups are logged and stored in a fireproof cabinet, and one backup is stored at an offsite location.

Virus Protection
All desktops and servers are scanned for viruses daily. Software from external sources is scanned before use. This includes Internet mail too, which is scanned by the e-mail gateway.

"Chinese Wall" between Internet and data transfer & storage
Separate desktops are allotted for Internet access to prevent any data transmission outside RAS Legal Services systems. We also use separate servers for Internet usage and data transfer & storage for additional security.

Administrator Access
Administrator-level access to all servers and firewalls is provided exclusively to the system administrator, and only through the system console. Dialup users are not allowed such access. Other controls for such access include two-level authentication, timed log-outs based on inactivity, log-in freeze after multiple log-in failures, and restrictions on simultaneous sessions. Daily audits of the system log help detect unauthorized use, if any. Remote access to the Delivery team network is restricted to a very limited set of users. Firewalls are kept in physically secure locations. The IS department effects changes to the firewall configuration, for example to add a new service, not required from the console.

Data confidentiality with Vendors
All technology and services vendors are subject to an agreement to ensure that they do not pose any threat to network and systems security. The users are also made aware of the importance of systems and network security. A confidentiality agreement is part of each contract that RAS Legal signs with its vendors for protection of client information.

Audits
Organization-wide audits of IT systems and data security are carried out every quarter. Additionally, process/project-specific audits are done monthly to ensure conformance to data security commitments.
Additional security measures are taken at the request of the client and depend on the needs of the project in question.

 
