Security & Compliance Policy

Effective Date: August 17, 2025

1. Introduction

Atfenix is committed to ensuring the confidentiality, integrity, and availability of our customers’ data and IT infrastructure. This Security & Compliance Policy outlines the technical, organizational, and procedural measures taken to protect data processed through Atfenix services, and our adherence to relevant compliance frameworks.

2. Security Principles

Atfenix follows globally recognized security best practices:

  • Defense in Depth: Multiple layers of security controls (physical, technical, administrative).
  • Zero Trust Architecture: Continuous verification of users, devices, and systems.
  • Least Privilege Access: Users and staff are granted only the access necessary for their roles.
  • Continuous Monitoring: Real-time tracking of systems, logs, and traffic to identify anomalies.

3. Physical Security

  • 24/7/365 manned security at our data centre facilities.
  • Multi-factor access controls (biometric + ID card + PIN).
  • CCTV surveillance with 90+ days of retention.
  • Fire suppression systems and environmental monitoring (temperature, humidity, smoke).
  • Redundant power supply with UPS and on-site diesel generators.

4. Network & Infrastructure Security

  • Segmented networks to prevent lateral movement of threats.
  • DDoS mitigation systems at network edges.
  • Next-Generation Firewalls (NGFW) with Intrusion Detection & Prevention Systems (IDS/IPS).
  • Regular vulnerability scanning and patch management.
  • Secure VPN access for administrative functions.

5. Data Security

  • Encryption in Transit: TLS 1.2+ enforced for all traffic.
  • Encryption at Rest: AES-256 encryption on all storage devices.
  • Key Management: Secure key lifecycle management, with role-based access.
  • Backup & Recovery: Automated daily backups, multiple geographic copies, disaster recovery plans with defined RPO/RTO.

6. Access Control & Identity Management

  • Multi-Factor Authentication (MFA) for staff and privileged accounts.
  • Role-Based Access Control (RBAC).
  • Session logging and monitoring of all administrative activities.
  • Automatic account lockout after repeated failed attempts.

7. Incident Response & Breach Management

  • Dedicated Security Operations Center (SOC) monitoring 24/7.
  • Incident Response Plan (IRP) with defined escalation paths.
  • Breach notification to customers within 72 hours of discovery, in line with GDPR and global standards.
  • Post-incident reviews to strengthen security measures.

8. Customer Responsibilities

While Atfenix ensures the security of the infrastructure, customers are responsible for:

  • Securing their applications, workloads, and data stored on Atfenix infrastructure.
  • Managing end-user access rights and credentials.
  • Configuring firewalls, VPNs, and encryption for their hosted applications.

9. Continuous Improvement

Atfenix adopts a continuous compliance & improvement approach, including:

  • Quarterly vulnerability assessments.
  • Annual penetration tests.
  • Regular staff security awareness training.
  • Policy updates based on evolving cyber threats and regulatory changes.

10. Compliance Frameworks

Atfenix aligns with international security & compliance standards, including:

  • ISO/IEC 27001 – Information Security Management System (ISMS).
  • SOC 2 Type II – Security, Availability, Confidentiality principles.
  • GDPR & Indian DPDP Act – Data protection & privacy compliance.
  • PCI-DSS (where applicable) – For handling payment-related workloads.
  • Regular third-party audits & penetration testing for assurance.

Contact Us

For security and compliance inquiries, please contact us.