Partner Managing:-
Avanse owner:-
Date:- 21-04-2023
Assessment team :-
(What is expected: - Valid user verification (e.g. strong password policy, lockout, password expiry
options), least amount of access required to complete the job (aka Least Privilege), reviewing active
users, reviewing the active admin users & their privileges)
Evidences:- User login with OTP and generating session-based tokens, every endpoint URL access with
bearer token.
2) Audit logs to be maintained for any incidents analysis based on business requirements
(What is expected: - Application access logs, Database access logs, Database activity logs)
(What is expected: - Approval evidence, change logs for major changes in the application
configuration for the financial year)
Evidences:- Role-based admin access, application manager to accept or reject the application
Partner Comments:- Periodic assessment Black Duck Synopsys tool, performing static analysis
Evidences: -
(What is expected: - Information Security training to employees including but not limited to Social
Engineering, Phishing, Malware, Best practices, & Information Security policies)
Partner Comments:- We will train the and provide awareness to handle the applications as per the
IT Policy of Preksha Edutech and Partner Guidelines.
Evidences:-
8) Mandatory encryption for data in transit and optional storage encryption demonstrating other
compensating controls
(What is expected: - TLS certificates, RSA/AES encryption, Wireless WPA3 encryption, Volume
encryption, Data security compliance (e.g. ISO 27001) certification)
Partner Comments:- SSL, RSA, AES-256
(What is expected: - Network Firewall for requests, basic SOC operations in place, Backup policy,
Retention)
Partner Comments:- AWS security groups within VPC, Retention policy for latest versions, Every
day backups
Evidences:-
(What is expected: - Avanse InfoSec team approval before on-boarding the partner)
Partner Comments:-
Evidences:-