Security at SanmigGRC
Engineering, monitoring and operational controls designed for BFSI, NBFC and HFC procurement.
TLS 1.2+ in transit. At-rest encryption on managed cloud storage and database.
Role-based access control with separate admin, sales and client roles. MFA on all admin accounts.
Immutable audit trail on all lead and engagement records, accessible only to admins.
Service credentials stored in a managed secret vault. Never embedded in source.
Documented runbook with SLA-bound notification. Templates aligned to DPDP breach reporting.
Dependency scanning on every change. Critical advisories triaged within 72 hours.
Continuous database backups with point-in-time recovery on the managed cloud tier.
Limited to vetted, contract-bound providers for cloud, email and calendaring.
Responsible-disclosure reports are welcome. Email sanjeev1911@gmail.com with reproduction steps. We acknowledge within two business days.