Security Center

Enterprise Security

Sifa is built on a foundation of rigorous security controls. We protect your company culture data and employee details with bank-grade security protocols.

Our Commitment to Trust

At Sifa, we recognize that the data your organization shares is highly confidential. We are committed to transparency in our security operations and ensuring your employee recognition environment remains robust, secure, and compliant.

Sifa aligns its controls with the SOC 2 security trust principles and industry-standard security frameworks to protect customer data.

1. Security Philosophy & Standards

Our security philosophy centers on defence-in-depth. We build security measures into every layer of our platform, from software design to infrastructure configuration.

  • SOC 2 Compliance Alignment: controls are reviewed and updated regularly.
  • GDPR Compliant Data Handling: safeguarding the rights of European employees.
  • Privacy Shield Standards: governing international data transfers.
  • Continuous Compliance Monitoring: built-in automated checks.

2. Data Encryption

Your data is encrypted at all stages to ensure it is protected from unauthorized access or eavesdropping.

  • Data In Transit:

    All connections to the Sifa platform are encrypted using TLS 1.3 with modern cipher suites. Plain HTTP requests are immediately redirected to HTTPS.

  • Data At Rest:

    Database backups, application databases, and system attachments are encrypted with industry-standard AES-256, with keys managed through regular rotation cycles.

3. Infrastructure Security

Sifa uses leading cloud hosting providers (e.g., AWS, GCP) whose physical datacenters are ISO 27001, SOC 2, and PCI DSS compliant.

Infrastructure Highlights:

  • Isolated Virtual Private Cloud (VPC) subnets.
  • Stateful security groups and network firewalls.
  • Distributed Denial of Service (DDoS) mitigation and protection filters.
  • 24/7 physical security guards, biometric entry, and CCTV monitoring at the physical datacenters.

4. Application Security

We deploy strict practices to safeguard the code running Sifa from security flaws or exploits:

Code Quality & Review

All code merges undergo peer-review cycles and strict manual audits prior to code deployment in production environments.

Vulnerability Scans

We use automated dependency analysis tools to continuously monitor libraries and third-party modules for software vulnerabilities.

Penetration Testing

Independent third-party cybersecurity firms conduct external penetration tests on our platform APIs at least once a year.

OWASP Top 10

The application is hardened against SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and directory traversal.

5. Access & Identity Management (IAM)

We verify identities thoroughly to prevent fraudulent access:

  • SSO (Single Sign-On): Integration with Okta, Google Workspace, and Microsoft Entra ID for corporate user governance.
  • MFA (Multi-Factor Authentication): MFA is enforced for corporate account administrators.
  • RBAC (Role-Based Access Control): Granular workspace settings restricting administrative panels, exports, and billing configurations to authorized stakeholders only.

6. Data Privacy & Multi-Tenant Isolation

Sifa employs a multi-tenant SaaS architecture. Logical boundaries are enforced at the database level to ensure one organization cannot view, modify, or interact with data belonging to another workspace.

Organization-level data separation is verified systematically by automated integration tests.

7. Threat Detection & Log Audits

Our operations team maintains comprehensive logging across application servers, database instances, and network borders.

  • Automated security information and event management (SIEM) systems flag anomalous access patterns.
  • Real-time alerting raises warnings when brute-force login attempts or unusual admin exports occur.
  • Audit events are written to immutable logs, providing tamper-proof records of critical actions.

8. Disaster Recovery & Backups

To ensure continuity of the Sifa platform, we maintain a disaster recovery plan:

  • RPO (Recovery Point Objective): under 1 hour. Incremental database snapshots are taken continuously.
  • RTO (Recovery Time Objective): under 4 hours. Automated infrastructure deployment tooling ensures a swift restore.

9. Personnel & Security Training

Security is not just software; it involves human habits. We enforce the following protocols:

  • Background checks are mandatory for all employees prior to joining Sifa.
  • Developer staff receive recurring security training on OWASP vulnerability patterns.
  • Clean desk policies, mandatory encrypted hard drives, and password-manager enforcement are standard protocols across all corporate workspaces.

10. Reporting a Vulnerability

If you believe you have discovered a security weakness or a bug in Sifa, we encourage you to contact us immediately:

Sifa Security Response (security enquiries): security@sifaapp.com