Our Products
Developers
Company
Customers
Blogs
Our Products
Developers
Company
Customers
Blogs

Security

Security

Zeliot is a cornerstone for countless developers driving innovation in the world’s largest data companies. Your work is instrumental in shaping the future of data, and we recognize the immense value you bring. Safeguarding your privacy and the security of your data is our unwavering commitment. We understand that trust is fundamental in any partnership, and we’ve implemented robust measures to protect your information. Let us assure you of our dedication to your security.

Compliance

Compliance

GDPR

Zeliot is steadfast in its commitment to upholding the highest standards of data privacy. We treat the personal information of our customers and employees with the utmost care and respect. In alignment with the stringent regulations outlined in the EU’s General Data Protection Regulation (GDPR), we have implemented robust security measures and policies to safeguard this sensitive data. Our adherence to GDPR ensures that our customers and employees can trust that their personal information is handled responsibly and lawfully.

ISO 27001:2013

ISO 27001 stands as the global benchmark for establishing and maintaining a robust Information Security Management System (ISMS). This rigorous framework mandates a comprehensive assessment of an organization's security practices, encompassing risk identification, compliance adherence, and governance maturity. By attaining ISO 27001 certification, Zeliot unequivocally demonstrates its unwavering commitment to safeguarding your information. Our adherence to this stringent standard signifies a proactive approach to security, where we meticulously identify, assess, and mitigate potential risks to your data. This translates to a well-structured and mature security posture, providing you with the assurance that your information is protected at the highest level.

ISO 9001:2015

Zeliot is proud to be ISO 9001 certified, a testament to our unwavering commitment to delivering exceptional products and services. This globally recognized standard underpins our quality management system, ensuring that we consistently meet and exceed customer expectations. By adhering to ISO 9001's rigorous framework, we've implemented robust processes, established clear responsibilities, and fostered a culture of continuous improvement. This translates into enhanced customer satisfaction, as we prioritize delivering solutions that precisely align with your needs and industry standards. Our ISO 9001 certification serves as your assurance of our dedication to quality excellence.

Product Security

Product Security

Secure development

Zeliot has fully embraced Continuous Delivery (CD) as a cornerstone of its development and deployment strategy. This transformative approach centers on the automation of the entire software delivery pipeline, from code compilation and testing to deployment into production environments. Through meticulously engineered processes and advanced automation, we have established a robust and efficient system that enables the rapid and reliable release of new features, bug fixes, and enhancements.

Our CD pipeline is meticulously designed to ensure the highest levels of quality, security, and stability. Rigorous automated testing at every stage of the development process guarantees that code changes meet stringent quality standards before progressing to production. Additionally, robust security checks are integrated into the pipeline to protect against vulnerabilities and threats. By automating these critical steps, we significantly reduce the risk of human error and accelerate the delivery cycle without compromising on quality or security.

The tangible benefits of our CD implementation are substantial. Frequent, incremental deployments allow for faster time-to-market, enabling us to respond swiftly to customer needs and market trends. Moreover, by breaking down complex deployments into smaller, manageable steps, we reduce the potential impact of failures and facilitate easier troubleshooting. This iterative approach fosters a culture of continuous improvement, as teams can gather real-world feedback on new features and make necessary adjustments rapidly. Ultimately, CD empowers Zeliot to deliver exceptional value to customers through a relentless focus on innovation and operational excellence.

Zeliot adheres to a rigorous code review and approval process as an integral component of its software development lifecycle. Each code modification undergoes meticulous scrutiny through a pull request mechanism, mandating comprehensive evaluation by designated reviewers. This collaborative approach fosters a shared responsibility for code quality and security. By subjecting code changes to multiple eyes, potential defects, vulnerabilities, and inconsistencies are more likely to be identified and rectified before integration into the main codebase.

The pull request process serves as a catalyst for knowledge sharing and team collaboration. Reviewers, often possessing diverse skill sets and perspectives, contribute to code enhancement by suggesting improvements, alternative approaches, or potential optimizations. This collective intelligence elevates the overall codebase and reduces the likelihood of introducing regressions.

Furthermore, the requirement for explicit approval before merging code into the master branch serves as a critical control point. This gatekeeping mechanism ensures that only code that meets predefined quality and security standards is promoted to the next stage of the development pipeline. By enforcing this level of rigor, Zeliot mitigates the risk of deploying defective or insecure code to production, safeguarding system integrity and customer trust.

To further bolster security, Zeliot cultivates a strong partnership between security and engineering teams. This collaborative dynamic fosters a proactive security culture, where potential vulnerabilities are identified and addressed early in the development process. Security experts contribute their expertise by conducting code reviews, providing security guidance, and conducting threat modeling exercises. This integrated approach helps to embed security principles into the development lifecycle, resulting in more resilient and secure software applications.

Organizational security

Organizational security

Information security policies

Zeliot has established a comprehensive information security framework comprised of a robust suite of policies designed to safeguard our assets and data. These policies serve as the foundation for our overall security program, outlining the essential procedures and guidelines for protecting sensitive information.

To ensure that all employees are well-versed in their security responsibilities, we mandate that every new hire undergoes a thorough review of these policies as part of the onboarding process. This comprehensive training program equips our workforce with the knowledge and understanding necessary to uphold our security standards and mitigate risks.

The spectrum of our information security policies encompasses critical areas such as:

  • Access control: Governing the authorization and authentication of individuals accessing systems and data.

  • Change management: Ensuring controlled and documented modifications to systems and processes.

  • Risk management: Identifying, assessing, and mitigating potential threats to our organization.

  • Data classification and asset inventory: Categorizing data based on sensitivity and maintaining an accurate record of assets.

  • Incident response and management: Outlining procedures for detecting, responding to, and recovering from security incidents.

  • Network security: Protecting our network infrastructure from unauthorized access.

  • Encryption and key management: Safeguarding data through encryption and managing cryptographic keys.

  • Human resources security: Protecting employee information and managing access to sensitive HR data.

  • Information transfer: Ensuring secure handling of data during transfers.

  • Secure development: Integrating security practices into the software development lifecycle.

  • System monitoring and logging: Continuously monitoring systems for anomalies and collecting relevant logs.

  • Vendor management: Assessing and managing security risks associated with third-party vendors.

  • Vulnerability management and malware protection: Identifying and addressing vulnerabilities and preventing malware infections.

  • Mobile device management and remote working: Securing devices and data when employees work remotely.

  • Business continuity and disaster recovery: Planning for and recovering from disruptions to business operations.

Security training

Zeliot prioritizes security awareness among its employees through a comprehensive training program. All new hires are required to complete a mandatory security awareness training module as part of their onboarding process, equipping them with essential knowledge to protect company assets and data from the outset.

To maintain a high level of security consciousness, we implement an annual security awareness training program for all employees. This refresher course reinforces critical security concepts, highlights emerging threats, and emphasizes the importance of safeguarding sensitive information.

Recognizing the unique security challenges faced by our engineering teams, we offer specialized annual security training tailored to their roles and responsibilities. This targeted training focuses on secure coding practices, threat modeling, and other security-related topics relevant to software development. By providing role-specific training, we empower our engineers to build security into the software development lifecycle, reducing the risk of vulnerabilities.

Through these multifaceted training initiatives, Zeliot cultivates a strong security culture, fostering a mindset of vigilance and responsibility among our workforce.

Asset inventory

Zeliot maintains a comprehensive and current inventory of its IT assets, including networks, services, servers, and employee devices. This granular asset visibility is essential for effective security management and risk assessment.

Access to customer data is strictly controlled and adheres to the principle of least privilege. This means that only authorized personnel with a clear justification for accessing specific customer data are granted permissions. Furthermore, customer data is subject to rigorous auditing and monitoring by our security team to detect and prevent unauthorized access or misuse.

To safeguard customer information, Zeliot support and customer-facing employees undergo a stringent approval process before gaining access to customer data. This ensures that only individuals who have undergone necessary security training and background checks are granted privileges.

All Zeliot employees are bound by confidentiality agreements, reinforcing our commitment to protecting sensitive information.

Operational security

Operational security

Risk management and assessment

Zeliot conducts regular risk assessments to evaluate the effectiveness of our information security program. These assessments ensure that our policies and procedures align with industry best practices and comply with all relevant regulations. By proactively identifying and addressing potential vulnerabilities, we can mitigate risks and protect sensitive information.

Security vulnerability disclosure

Security vulnerability disclosure

Found a security issue in a Zeliot product? Help us fix it! Email sachin@zeliot.in with details (what's wrong, how to reproduce, impact). We'll keep things confidential and work on a solution. Thanks for helping keep Zeliot secure!