Infrastructure | Security | Connectivity
Maveric is a world-class independent software QA testing company with a state-of-the-art independent testing laboratory and diagnostic facility. This enables us to provide comprehensive onsite software quality assurance services and offshore testing services to our clients across the world, who outsource software QA testing to us.
Maveric's independent software testing hub is located at its headquarters in Chennai, India. We also have offices at Mumbai, Bangalore, Dubai, London and New Jersey.
Project teams however, deliver offshore software testing projects from these and many other locations both within India and in other countries.
We have dedicated 2 Mbps DSL based internet connectivity with load balancing to enable us to provide remote testing services. In addition we have multiple Internet connectivity (512Kbps) for other requirements. VPNs have been configured using WatchGuard products to provide secure testing services to on-site clients who outsource QA testing projects, through the Internet.
Project specific licenses of Mercury and Rational suite products are commonly utilized across various client engagements. In addition to industry standard automation tools, Maveric also possesses extensive experience in some open source tools recognized by the industry. These include Bugzilla for bug reporting and project management, and OpenSTA for load simulation and testing.
Infrastructure
Server Infrastructure
Multiple Intel based servers (Windows NT, 2000 and Linux)
-
File Server (Project Specific Test Assets)
-
Web Server
-
Backup Server
-
FTP Server
-
Application Server (Internal Applications)
-
Application Server (Project related support apps like Defect Management etc.)
Mirroring for data backup and security
Networking
Cisco switches
Project / Client specific segments with necessary security controls setup based on requirements
Databases and other Middleware Applications
Databases: MSSQL, MySQL, Postgresql Servers
Web / Application Servers: IIS, Apache, Tomcat
Other databases and applications are setup based on project specific needs. Licenses for these are typically provided by the client.
Internet Connectivity
Multiple 512 Kbps / 2 Mbps DSL based internet connectivity with load balancing
Firewall implementation - Anti-virus, Intrusion Detection, Load Balancing, LAN Segregation, VPN
Secure VPN Connectivity established for multiple clients - Site-to-site, client-to-site VPN using encryption, authentication such as 3DES, MD5 and RSA tokens
Security
Security Management and Enforcement
Technical and operational access controls are implemented in line with all relevant legislation and recommended best practice. This includes preventative, detective, deterrent, corrective and recovery controls.
We have experience of implementing creative and efficient risk-based solutions based on a security threat posture and we are willing to discuss a plan which best suits your business requirements.
A pictorial representation of the various security layers that have been generically implemented is outlined in the following section
Further, Maveric has initiated steps towards compliance with ISO 27001 and is planning to become compliant by the end of this year
Confidentiality
Maveric has experts who are familiar with the requirements of ISO17799 / BS7799 / ISO27001.
It is general practice that all information and data is handled in accordance with relevant legislation both onshore and offshore. All data and information is subject to technical and operational controls in order to limit access to staff working on the project.
The practical steps to ensure confidentiality are listed below.
-
All employees sign confidentiality agreements.
-
Written and explicit policies are in place to deal with breaches of confidentiality. These policies are strictly enforced and are communicated to all employees.
-
Access to data files are restricted to specific project staff and access by non-project staff is not permitted.
-
Electronic authentication of users by means of passwords.
-
Access control by means of role based authentication, locked server rooms and internal fire walls.
-
There is a clear audit trail that tracks when, for what purpose and by whom any data was accessed.
-
There is a disaster prevention and recovery plan that includes adequate fire and entry alarms where data is stored, routine back ups for electronic data and off site storage of backups.
-
External fire walls in place to prevent remote access by unauthorized users.
-
Virus checking is routine as are updates to the data files and engines to provide maximum protection of data files.
-
Employees are instructed not to send out any mails with attachments from client ID unless it is a document or report directly required for the project.
-
We do not provide floppy or CD writing access to employees to ensure that no data leaves our premises. There is restricted access to data storage areas. We use locked file cabinets.
-
We employ established shredding procedure for disposal of documents after use.
-
We do not allow any client documents to be carried out of the office by our employees without prior written consent.
Security Layers
Data security has been addressed across layers of our corporate network (Application Server, Database Server, Storage etc.) as well as the connectivity solutions deployed to access client infrastructure. A combination of physical and logical access controls, encryption, background checks and execution of necessary agreements have been implemented to address the same.
Maveric’s generic security elements at the Physical, Network and Data level is as follows;
