TCS provides consulting, IT solutions, products and services to its customers. Security is key to all of TCS' offerings. TCS' Information Security Management System is Certified on the globally recognized ISO 27001:2013 Information Security Management systems - Requirements standard and addresses key security controls. TCS has been certified "Enterprise wide" for ISO 27001:2013 security standards including compliance assessment for ISO 27017:2015 (Information Security Controls for Cloud Services) and ISO 27018:2019 (Protection of PII in Public Clouds as PII Processors) as well as for ISO 22301:2012 Business Continuity standards.
The TCS Information Security Management System applies uniformly to all TCS' operations, services and products / platforms including services provided through TCS own cloud or other cloud service providers. It defines set of controls across all locations from where operations related to TCS offerings are carried out. The TCS Jile Software is developed under the Standards, Procedures and Guidelines of the TCS Information Security Management System.
TCS Jile Software adheres to Secure Software Development Lifecycle guidelines as prescribed in the TCS' Information Security Management System. A summary of key security practices followed in the SSDLC is listed below
All software requirements are evaluated for the CIA triad of Confidentiality, Integrity and Availability
Threat Models are created for the software using the STRIDE approach
All third party software components are continuously evaluated for open vulnerabilities.
All code is continuously scanned through static application security testing (SAST).
The software is regularly scanned through dynamic application security testing (DAST).
Software is assessed for data privacy compliance requirements.
All TCS Jile members regularly undergo Information Security trainings as applicable to their roles.
Security is incorporated in all the phases of the lifecycle. TCS Jile uses the TCS Software Security Assurance (SSA) framework for the same. Security requirements are captured for all new applications. The software undergoes security design analysis which include threat modelling etc. Any change in software undergoes a change control procedure.
TCS Jile software implements the following security principles under the CIA triad
Confidentiality
Integrity
Availability
The Jile SaaS architecture uses a multi-tenant data model to host all its data. Data for each tenant is held separately. All user data is protected from unauthorized access. The Jile software is available in the software-as-a-service (SaaS) model. Jile is hosted using a third party cloud service provider Microsoft Azure with data centers located in India, US and UK. Details about the Security, Privacy and Availability practices of Microsoft Azure Cloud are available at
https://www.microsoft.com/en-us/security
https://www.microsoft.com/en-us/trustcenter
https://azure.microsoft.com/en-us/support/legal/sla/
https://www.microsoft.com/en-us/TrustCenter/Privacy/default.aspx
The Jile Software and website does not capture or store credit card details of Customers, and payments if any will be processed by PCI-DSS certified Third Party Payment Gateway service providers on their respective web sites such as PayPal (for Customers outside India) and PayU (for Customers from India) The terms of use and the Privacy Notice of the respective Payment Gateway service providers are as follows.
PayPal : https://www.paypal.com/in/webapps/mpp/ua/legalhub-full
PayU :
https://payu.in/privacy-policy
PayU : https://payu.in/tnc
This security policy was last updated on 07th September 2020.