{"id":7771,"date":"2019-01-28T06:25:32","date_gmt":"2019-01-28T06:25:32","guid":{"rendered":"https:\/\/support.loginextsolutions.com\/?p=7771"},"modified":"2026-05-18T10:56:54","modified_gmt":"2026-05-18T10:56:54","slug":"security-at-loginext","status":"publish","type":"post","link":"https:\/\/support.loginextsolutions.com\/index.php\/2019\/01\/28\/security-at-loginext\/","title":{"rendered":"LogiNext Security Documentation"},"content":{"rendered":"\n\n\n\n\n\n<p>With 100,000+ shipments processed daily which have aggregated more than a billion data points, our clients count on LogiNext Security to meet their needs. LogiNext takes all the elements of security very seriously and have developed a comprehensive set of practices, technologies and policies to ensure that every byte of information is secured.<\/p>\n<p>This document outlines the mechanisms and processes we have implemented to ensure that every data transaction through our products and the data thus collected is secured and protected with the highest standard in the industry.<\/p>\n<p>Following aspects of Security will be covered in this document:<\/p>\n<ul>\n<li>Physical Security<\/li>\n<li>Network Security<\/li>\n<li>Application Security<\/li>\n<li>Data Security<\/li>\n<li>Environments, Deployment and Post Deployment<\/li>\n<li>Quality Assurance<\/li>\n<li>People Processes<\/li>\n<li>Regulatory Compliance<\/li>\n<li>Disaster Recovery \/ Business Continuity<\/li>\n<li>Reporting Vulnerabilities, Issues and Threats<\/li>\n<\/ul>\n<p><!-- Created with Elementor --><\/p>\n<h4><b>Physical Security<\/b><\/h4>\n<p><strong><span style=\"text-decoration: underline;\">Facility Security<\/span><\/strong><\/p>\n<p><span style=\"font-weight: 400;\">The LogiNext development center in Mumbai is under 24x7x365 security protection. 
The security is present at premises level as well as at floor level so that only authorized individuals are allowed to enter the building and LogiNext office.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">At the premises level, the building&#8217;s perimeter is secured by barriers and guards. At the floor level, security guards and smartcard readers are present to authorize individuals before entry. A policy has been implemented to approve and regulate visitor access to the building and LogiNext office.<\/span><\/p>\n<p><strong><span style=\"text-decoration: underline;\">Video Monitoring<\/span><\/strong><\/p>\n<p><span style=\"font-weight: 400;\">LogiNext Development center is monitored 24x7x365 with night vision cameras. The office is equipped with surveillance cameras and their footage is monitored periodically by authorized individuals.<\/span><\/p>\n<p><strong><span style=\"text-decoration: underline;\">Access Controlled Entrance<\/span><\/strong><\/p>\n<p><span style=\"font-weight: 400;\">Access to the LogiNext office is strictly restricted to a small group of pre-authorized personnel only. Employees are granted access to the office only after authorization using smart cards. Two forms of authentication, including a biometric one, must also be used to enter a LogiNext office.<\/span><\/p>\n<p><strong><span style=\"text-decoration: underline;\">Undisclosed Locations<\/span><\/strong><\/p>\n<p><span style=\"font-weight: 400;\">LogiNext local servers are located inside generic-looking, undisclosed locations that make them less likely to be a target of an attack. 
Important documents are stored in lockable cabinets that can only be accessed by pre-authorized individuals.<\/span><\/p>\n<p><strong><span style=\"text-decoration: underline;\">Natural Calamities<\/span><\/strong><\/p>\n<p><span style=\"font-weight: 400;\">LogiNext Office is located in some of the most secure facilities available today such that it is protected from physical and logical attacks as well as from natural disasters such as earthquakes, fires, floods, etc. Fire sensors, alarms and water sprinklers are in place throughout the office to detect and mitigate the damage in the unlikely event of a fire. Regular fire drills are also conducted by the premises management team to educate employees about emergency evacuation procedures.<\/span><\/p>\n<p><span style=\"text-decoration: underline;\"><strong>Power Supply<\/strong><\/span><\/p>\n<p><span style=\"font-weight: 400;\">The office is provided with 24x7x365 power supply. There is also the provision of an alternative uninterrupted power supply system in the event of power failure.<\/span><\/p>\n<h4><b>Network Security<\/b><\/h4>\n<p><span style=\"font-weight: 400;\">Network security is detailed below for the development center and the network where LogiNext products are hosted. The LogiNext network is gated and screened by highly powerful and industry certified Intrusion Detection \/ Prevention Systems.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The LogiNext office network, where products and applications are designed, developed and deployed, is monitored, managed and secured by industry-grade firewalls and antivirus software. This ensures protection of internal information systems from intrusion. Processes and systems are in place and regularly audited to provide active alerts in the event of a threat or an incident.
All the Firewall logs are stored, maintained and reviewed periodically.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Access to the production environment \/ systems is via SSH and always through a multi-factor authentication mechanism. Remote access to production system is possible only via the office network. Audit logs are generated for each remote user session and reviewed.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The Network security, Infrastructure and DevOps teams monitor the infrastructure 24x7x365 for stability, intrusions and spam using a dedicated alert mechanism. End-to-end vulnerability assessments and penetration tests are performed every quarter by our DevOps team.\u00a0<\/span><\/p>\n<h4><b>Application Security<\/b><\/h4>\n<p><span style=\"font-weight: 400;\">All LogiNext products and data are hosted \/ stored in industry-leading Amazon web services (AWS), with security managed by Amazon.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">LogiNext has adopted a multifaceted approach for its application security, to ensure everything from design to engineering to deployment of products &#8211; Web Application and Android Applications complies with highest standards of security in the industry.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Industry-leading secure coding standards and guidelines have been defined for our engineers so that our products are developed with security considerations from the ground-up.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">A review is a mandatory part of application engineering (development and construction) process. 
The review process leverages static code analysis tools, in addition to manual reviews, to ensure adherence to our highest standards.<\/span><\/p>\n<p><span style=\"text-decoration: underline;\"><strong>Product Architecture and Security<\/strong><\/span><\/p>\n<p><span style=\"font-weight: 400;\">The application is initially protected by AWS&#8217;s firewall which is equipped to counter regular DDoS attacks and other 4 network related intrusions.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">LogiNext has further implemented a second layer of its own application protection firewall which monitors against suspicious IPs, users and spam. For every product login, the customers have to create their usernames and passwords by submitting their valid Email Address in order to authorize themselves and authenticate their login onto the applications. All the credentials are one-way hashed, salted and encrypted using the most secure industry standards and algorithms. While both the Web and Android applications can be accessed only by users with valid credentials, it should be noted that security for cloud-hosted products is a shared responsibility between the company and the businesses who own those accounts on the cloud. The LogiNext application has an in-built spam protection system for businesses that use it. The Network Security Administrators can monitor and block the offending accounts and IP addresses.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">LogiNext products are configured using secure socket connections. LogiNext also encourages whitelisting IPs for exclusive access.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">All the email and mobile transactions \/ notifications are handled via industry renowned and secured gateways.
Users&#8217; privacy is treated as the highest priority at LogiNext.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In order to test the resilience of the hosted application, the company performs periodic penetration tests. These tests are always conducted in an architecturally equivalent copy of the system with no actual customer data present. The production system is never subject to such tests. Should an individual attempt such a test in the production environment, it will be detected as an intrusion, and the source IP will be blocked. An alert will then be raised so engineers can attend to the incident.<\/span><\/p>\n<p><span style=\"text-decoration: underline;\"><strong>Hosting on AWS<\/strong><\/span><\/p>\n<p><span style=\"font-weight: 400;\">LogiNext uses a multi-tenant data model to host all its products on AWS. Each application is serviced through a unique virtual private cloud and each customer is individually identified by a Client ID. The application security is engineered to ensure that data for only the logged-in account is fetched and displayed. Hence, each Customer Login has access to only its own logged-in account&#8217;s data. Administrator access to AWS is controlled, managed and logged for subsequent audits.<\/span><\/p>\n<h4><b>Data Security<\/b><\/h4>\n<p><span style=\"font-weight: 400;\">LogiNext provides the world&#8217;s best integrated technology ecosystems to its customers. LogiNext is committed to protecting and securing its customers&#8217; data in this seamless integration of applications. However, access management of individual accounts is at the discretion of businesses that own the accounts on LogiNext products.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Access to the data on production servers is strictly not permitted for LogiNext employees or any other third parties. All the internal engineering processes related to changes in application, infrastructure and web content are well documented.
Strict review cycles and change control procedures are adopted to promote any change from Development to QA to Production servers. Review checklists are audited every quarter and world class security standards are adopted only after multiple layers of approvals. The LogiNext code deployment process ensures that changes are promoted to the higher boxes only after the security review, which mandates that each version is compliant with the company&#8217;s internal information security and management policies.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">LogiNext&#8217;s products require only limited customer information like Name, registered company domain&#8217;s email address, Postal address and Phone No. Additionally, the other two kinds of data that LogiNext maintains are the application or system logs and the customer transaction data. All the data is stored in Amazon&#8217;s state of the art cloud computing platform, AWS. Thus LogiNext ensures that the integrity and protection of customers&#8217; data is robust and most secure by adopting data isolation methods such that each customer login is able to see only his\/her information.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Different environments are in use for development and testing purposes, and production data is never available for access by LogiNext employees or third parties.\u00a0<\/span><\/p>\n<h4><b>Environments, Deployment and post Deployment<\/b><\/h4>\n<p><span style=\"font-weight: 400;\">There are different environments used for Development and Testing purposes. Development \/ Engineering leads own the development and sand-box environments. All the code movement in this environment is the Engineering team&#8217;s ownership. Only after the Code is reviewed and unit tested can the changes be promoted to the QA Environment. The DevOps team owns the migration of Code to the QA Environment.
There are strict change control policies and exit criteria for the code to be moved to the QA Environment. Deployments to production servers are performed only by authorized engineers from the Dev, QA and DevOps teams. Every release to the Production Environment is planned well ahead of time with strict acceptance criteria from the Engineering, QA and Products teams. Each team has veto power to certify the release to the production environment. Only very few preauthorized employees \/ administrators have access to LogiNext&#8217;s production environment. In order to view, inspect and access the production logs, engineers need to get an approval from a committee of authorized employees. Only after the approval are the logs shared, for a limited time.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Deployment to production takes place with zero down time so that the customer does not lose any data. Once deployment to production is completed, a complete sanity check of all the products is performed. Post-deployment monitoring is done by a dedicated 24&#215;7 team that monitors the application. An escalation matrix up to two levels has been defined to address contingencies that might occur. Comprehensive application audits are performed once a month. The tests are performed with the help of static analysis tools and aided by manual analysis. Network penetration tests and other black box tests are performed to help identify security vulnerabilities in the application.\u00a0<\/span><\/p>\n<h4><b>Quality Assurance<\/b><\/h4>\n<p><span style=\"font-weight: 400;\">Every application update goes through a series of validations by our expert testing team. All areas of functional, technical and security validation and verification are performed by our dedicated Quality Assurance team. Their prime goal is to discover and demonstrate vulnerabilities in the application. LogiNext products go through gruelling quality checks before they are rolled out on production.
It is a must-have to get the approval stamp from Quality Assurance engineers to migrate any code to the higher-up environment.<\/span><\/p>\n<h4><b>People Processes<\/b><\/h4>\n<p><span style=\"font-weight: 400;\">Building the world-class products requires not just technology, but a disciplined approach to processes. This includes policies about escalation, management, knowledge sharing, risk, as well as the day to day operations. The company has well-defined change management processes, logging and monitoring procedures, and fallback mechanisms set up as part of its operations policies. Team LogiNext is built with individuals with expansive knowledge and experience in the industry.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The team thrives on out-of-box thinking and believes in continually improving our processes over time to ensure that our customers get the most of the cutting edge technology.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Policies have been framed under LogiNext HR directives to ensure that there are formal procedures, control and well-defined responsibilities to maintain the integrity of the organization. The recruitment process includes strict background verification checks (including verification of academic records, past employment, criminal records) on all new recruits. All employees are provided with adequate training about the policies of the company and are required to sign that they have read and understood the company&#8217;s policies. Confidential information about the company is available for access only to select authorized employees.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">LogiNext maintains an inventory of all information systems used by our employees for development purposes in an internal service desk, aided by automated probing software that assists in tracking changes to these systems and their configurations. Employees are not provided with Admin access for their systems. 
All the employees have to take approval from their reporting managers to install the authorized and licensed software products. The request for the same is raised on the LogiNext Service Desk portal for our security administration team to install the same. No third parties or contractors manage software or information facilities, and no development activity is outsourced. All employee information systems are authorized by the management before they are installed or put to use.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Employees are trained and a quick and handy process is in place to report any suspicious activities or threats. The LogiNext HR and Legal teams take appropriate disciplinary action against employees who violate organizational policies.<\/span><\/p>\n<h4><b>Regulatory Compliance<\/b><\/h4>\n<p><span style=\"font-weight: 400;\">All processes and security standards at LogiNext meet regulations at the industry, state, federal and international levels. LogiNext adheres to strict data security, access and integrity policies.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">As the processors of personal information on behalf of our customers, we follow their instructions with respect to the information they control to the extent consistent with the functionality of our service. In doing so, we implement industry standard security, technical, physical and administrative measures against unauthorized processing of such information and against loss, destruction of, or damage to, personal information as more fully described in LogiNext&#8217;s privacy policy.
The company has a privacy policy, approved by an internal legal counsel, available publicly at<\/span><a href=\"http:\/\/www.loginextsolutions.com\/privacy-policy\"> <span style=\"font-weight: 400;\">http:\/\/www.loginextsolutions.com\/privacy-policy<\/span><\/a><span style=\"font-weight: 400;\">.\u00a0<\/span><\/p>\n<h4><b>Disaster Recovery \/ Business Continuity<\/b><\/h4>\n<p><span style=\"font-weight: 400;\">LogiNext guarantees business continuity by adopting multiple strategies to ensure minimal or no down time with no data loss.<\/span><\/p>\n<p><span style=\"text-decoration: underline;\"><strong>Monitoring<\/strong><\/span><\/p>\n<p><span style=\"font-weight: 400;\">Preemptive steps are accomplished by maintaining monitoring scripts which watch the infrastructure and scheduler scripts. Anything out of business as usual will be raised as an alarm. A response team is identified to react immediately and avert the disaster.<\/span><\/p>\n<p><span style=\"text-decoration: underline;\"><strong>Application Logs<\/strong><\/span><\/p>\n<p><span style=\"font-weight: 400;\">LogiNext captures the application logs, which are maintained for a period of 60 days. The logs are evaluated on a continuous basis and learnings from the logs are fed back into the application in the form of code changes or fine tuning of the infrastructure to harden the setup.<\/span><\/p>\n<p><span style=\"text-decoration: underline;\"><strong>Cross-Region Master-Slave Database Architecture<\/strong><\/span><\/p>\n<p><span style=\"font-weight: 400;\">We have defined a master-slave setup for the database architecture. Master databases can perform both read and write updates while slaves can only provide read access. By setting up the database as the master in the primary region, the replica slaves are continuously updated by the master DB in your designated recovery region. This replica is created instantaneously.
The advantage of this master-slave setup is that the data in the slave database is always a mirror copy of the data in the master DB. Therefore, if the Master DB fails, you can promote a slave replica DB and designate it as master without suffering data unavailability.<\/span><\/p>\n<p><span style=\"text-decoration: underline;\"><strong>Regular Backup<\/strong><\/span><\/p>\n<p><span style=\"font-weight: 400;\">Database backups are done regularly to protect the customer data. Transaction data is backed up every 4 hours on EBS volumes. Structure data is backed up every 24 hours. In addition to this code is backed up every 4th day.<\/span><\/p>\n<p><span style=\"text-decoration: underline;\"><strong>AWS CloudFormation<\/strong><\/span><\/p>\n<p><span style=\"font-weight: 400;\">We have created a centralized file that enables us to manage, update and recreate the Amazon AWS stack (collection of Amazon AWS resources). CloudFormation is used to redeploy all the resources through the web-based management console or through an API. One of the most commonly used API features in CloudFormation is the CreateStack, which enables us to copy the stack in its entirety.<\/span><\/p>\n<p><span style=\"text-decoration: underline;\"><strong>Backup and Restore<\/strong><\/span><\/p>\n<p><span style=\"font-weight: 400;\">Amazon S3 is an ideal destination for backup data that might be needed quickly to perform a restore. 
Transferring data to and from Amazon S3 is typically done through the network, and is therefore accessible from any location.<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-33043\" src=\"https:\/\/support.loginextsolutions.com\/wp-content\/uploads\/image1-155.png\" alt=\"\" width=\"1402\" height=\"656\" srcset=\"https:\/\/support.loginextsolutions.com\/wp-content\/uploads\/image1-155.png 1402w, https:\/\/support.loginextsolutions.com\/wp-content\/uploads\/image1-155-300x140.png 300w, https:\/\/support.loginextsolutions.com\/wp-content\/uploads\/image1-155-1024x479.png 1024w, https:\/\/support.loginextsolutions.com\/wp-content\/uploads\/image1-155-768x359.png 768w\" sizes=\"(max-width: 1402px) 100vw, 1402px\" \/>Key steps for backup and restore:<\/span><\/p>\n<ol>\n<li><span style=\"font-weight: 400;\"> Select an appropriate tool or method to back up our data into AWS.<\/span><\/li>\n<li><span style=\"font-weight: 400;\"> Ensure that we have an appropriate retention policy for this data.<\/span><\/li>\n<li><span style=\"font-weight: 400;\"> Ensure that appropriate security measures are in place for this data, including encryption and access policies.<\/span><\/li>\n<li><span style=\"font-weight: 400;\"> We regularly test the recovery of this data and the restoration of your system.<\/span><\/li>\n<\/ol>\n<h4><b>Reporting Vulnerabilities, Issues and Threats<\/b><\/h4>\n<p><span style=\"font-weight: 400;\">Security incidents (breaches and potential vulnerabilities) can be reported by customers through email: <\/span><a href=\"mailto:security@loginextsolutions.com\"><span style=\"font-weight: 400;\">security@loginextsolutions.com<\/span><\/a><\/p>\n<p><span style=\"font-weight: 400;\">All security requests will be looked into immediately. We might ask for your guidance in identifying or replicating the issue and understanding any means to resolving the threat right away. 
Please be clear and specific about any information you give us. We deeply appreciate your help in detecting and fixing flaws in LogiNext applications, and will acknowledge your contribution to the world once the threat is resolved.<\/span><\/p>\n<p><em><span style=\"font-weight: 400;\"><strong>Note:<\/strong> Information enclosed in this document is open to perusal for the intended recipient only. Sharing or distribution of the document without explicit approval from LogiNext would be considered as infringement of our Confidential Protocol.<\/span><\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>With 100,000+ shipments processed daily which have aggregated more than a billion data points, our clients count on LogiNext Security to meet their needs. LogiNext takes all the elements of security very seriously and have developed a comprehensive set of &hellip; <a href=\"https:\/\/support.loginextsolutions.com\/index.php\/2019\/01\/28\/security-at-loginext\/\">Continued<\/a><\/p>\n","protected":false},"author":8,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"footnotes":""},"categories":[],"tags":[1109,1100,1101,1102,1103,1104,1105,1106,1107,1108,1099,3011,3013,3014,3015,3016,3017,3018,3019,3020,1089,1035,1081,1082,1083,1084,1085,1086,1087,1088,1011,1090,1091,1092,1093,1094,1095,1096,1097,1098],"_links":{"self":[{"href":"https:\/\/support.loginextsolutions.com\/index.php\/wp-json\/wp\/v2\/posts\/7771"}],"collection":[{"href":"https:\/\/support.loginextsolutions.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/support.loginextsolutions.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/support.
loginextsolutions.com\/index.php\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/support.loginextsolutions.com\/index.php\/wp-json\/wp\/v2\/comments?post=7771"}],"version-history":[{"count":21,"href":"https:\/\/support.loginextsolutions.com\/index.php\/wp-json\/wp\/v2\/posts\/7771\/revisions"}],"predecessor-version":[{"id":33052,"href":"https:\/\/support.loginextsolutions.com\/index.php\/wp-json\/wp\/v2\/posts\/7771\/revisions\/33052"}],"wp:attachment":[{"href":"https:\/\/support.loginextsolutions.com\/index.php\/wp-json\/wp\/v2\/media?parent=7771"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/support.loginextsolutions.com\/index.php\/wp-json\/wp\/v2\/categories?post=7771"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/support.loginextsolutions.com\/index.php\/wp-json\/wp\/v2\/tags?post=7771"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}