Methodvitz Technologies LLP (“Methodvitz,” “we,” “us” or “our”) is committed to maintaining the highest standards of information security and regulatory compliance. This Security & Compliance Policy outlines the practices and controls we employ to protect our systems, data, and users.
1. Information Security Governance
Leadership & Accountability: Our Chief Information Security Officer (CISO) oversees all security and compliance efforts.
Policy Framework: We maintain documented policies, standards, and procedures aligned with industry best practices (e.g., ISO 27001, SOC 2).
2. Data Protection Measures
Data Classification: All data is classified by sensitivity (e.g., Public, Internal, Confidential, Restricted).
Data Handling: Procedures govern storage, transmission, and disposal of data based on its classification.
Backup & Recovery: Regular automated backups are encrypted and stored off-site with tested restore processes.
3. Network & Infrastructure Security
Perimeter Defense: Firewalls, intrusion detection/prevention systems (IDS/IPS), and network segmentation protect our environment.
Vulnerability Management: We run quarterly vulnerability scans and annual penetration tests, remediating issues per our SLA.
Patch Management: Critical security patches are applied within 15 days; all other patches within 30 days.
4. Access Control & Authentication
Least Privilege: Access to systems and data is granted on a need-to-know basis.
Multi-Factor Authentication (MFA): Required for all administrative accounts and remote access.
Periodic Review: User access rights are reviewed biannually to ensure appropriateness.
5. Encryption
In Transit: TLS 1.2+ protects data moving between clients and our servers.
At Rest: AES-256 encryption secures databases, file stores, and backups.
Key Management: Encryption keys are stored in a hardened hardware security module (HSM) with strict access controls.
6. Incident Response & Management
Incident Response Plan: We maintain a documented plan outlining detection, containment, eradication, recovery, and post-mortem procedures.
24/7 Monitoring: Security information and event management (SIEM) continuously monitors logs and alerts.
Breach Notification: In the event of a confirmed data breach, we will notify affected users and regulators within the timelines required by applicable law.
7. Compliance Standards
We actively maintain alignment and certification (where applicable) with:
ISO 27001: Information Security Management System
SOC 2 Type II: Security, Availability, and Confidentiality
GDPR: Data protection requirements for EU personal data
IT Act 2000 (India): Relevant rules on electronic data and cyber security
8. Security Assessments & Audits
Third-Party Audits: Annual independent audits validate our controls and practices.
Internal Audits: Quarterly reviews by our internal audit team to ensure ongoing compliance.
9. Vendor Management
Due Diligence: Security and compliance reviews for all third-party vendors handling sensitive data.
Contractual Controls: Data protection and confidentiality clauses enforced in vendor agreements.
Ongoing Monitoring: Annual reassessment of critical vendors’ security postures.
10. User Responsibilities
Password Hygiene: Use unique, strong passwords and change them every 90 days.
Phishing Awareness: Complete annual security training and report suspicious emails immediately.
Device Security: Keep company-issued devices updated and locked when unattended.
11. Policy Changes
We may update this policy to reflect changes in regulations, standards, or our business practices. The “Last updated” date above will reflect the effective revision date. Continued use of our Services constitutes acceptance of any updates.
Contact & Reporting
For security inquiries or to report vulnerabilities, please contact our Security Team at security@methodtech.in