Security Center
Organizational security
Security is part of our culture. We have formalized security training, onboarding procedures, and background checks for team members. Internal access is granted on a least-privilege basis and reviewed periodically.
Team members handling client data are required to follow internal security protocols, and usage of secure communication channels is mandated for all sensitive interactions.
Physical security
Our infrastructure is hosted in Tier-4 certified data centers, which provide enterprise-grade physical security. These facilities offer 24/7 surveillance, biometric access controls, fire suppression systems, and power redundancy.
This ensures the hardware hosting your data is protected not just from digital threats, but also from physical tampering, natural disasters, or unauthorized access.
Server & Infrastructure Security
Our production servers are hardened with multiple layers of protection to defend against common threats. File permissions are tightly controlled and follow industry best practices.
Our web servers are configured with robust security modules, while server-side scripting environments are hardened by disabling insecure functions and minimizing exposed metadata.
Unused services and ports are disabled, and access to sensitive files and directories is restricted using strict server-level rules.
Data Protection
We take data protection seriously — both in transit and at rest. All communications are encrypted using modern TLS protocols (TLS 1.2 or higher), ensuring protection against interception or eavesdropping.
Data at rest is encrypted using strong, industry-standard algorithms such as AES-256. Access to sensitive configuration files is strictly controlled and excluded from version control systems.
We leverage encrypted environment variables and external secrets management systems to securely manage application credentials. Personally Identifiable Information (PII) is encrypted or masked where necessary to safeguard user privacy.
Identity and access control
We implement identity governance to ensure only the right individuals have the right access to resources. Access is provisioned based on the user’s role, with time-bound and need-based access wherever possible.
Administrative access is strictly restricted and audited regularly. When employees leave or change roles, access is immediately revoked or updated through a structured offboarding process.
Operational security
Sangam CRM enforces well-documented operational security policies covering asset management, incident response, remote access, patch management, and change control. Each team member’s access is tied to defined operational roles.
Change logs, approvals, and audits are maintained to ensure that operational changes are traceable and accountable. This reduces the risk of configuration drift or unauthorized modifications.
OS Security
We follow industry best practices and use trusted tools to secure our operating systems, applying regular updates, security patches, and strict access controls to prevent vulnerabilities and unauthorized access.
Data Isolation
Sangam CRM is built on a robust multi-tenant cloud framework that logically separates each customer’s data using secure isolation protocols. This ensures your service data is protected, inaccessible to other users, and fully owned by you—we never share it with third parties without your consent.
Authentication & Access Control
System access is protected by robust authentication controls. We enforce strong password policies with minimum length and complexity requirements, and Two-Factor Authentication (2FA) is supported as an additional layer of protection.
Access is governed by Role-Based Access Control (RBAC), which limits what each user can do according to their role. Session timeouts and re-authentication requirements limit the exposure created by idle sessions.
All API access is secured with token-based authentication, such as OAuth2-issued tokens, so that every request is tied to an authenticated identity. We also support Single Sign-On (SSO) for integration with enterprise identity providers.
Logging & Monitoring
We maintain comprehensive logging and monitoring to track system activity and security events. Logs are written in a structured format and rotated daily, then forwarded to centralized log collectors for retention and analysis.
All sensitive actions—such as logins, API access, and critical operations—are logged. Additionally, we configure alerts for suspicious or unusual activity to trigger timely responses.
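The following is an added example, not Sangam CRM's own code, of the two pieces the paragraph above describes: a structured (JSON-per-line) audit logger with daily rotation, and an alert rule that runs over those log lines and flags a burst of failed logins from one source address. The threshold (5 failures in 5 minutes), the retention of 30 rotated files, the field names and the sample log lines are all assumptions constructed for the example.

```python
import json
import logging
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from logging.handlers import TimedRotatingFileHandler


class JsonFormatter(logging.Formatter):
    """Emit one JSON object per line so a collector can index fields instead of grepping text."""

    FIELDS = ("user", "src_ip", "action", "outcome")  # assumed field names for this example

    def format(self, record):
        event = {
            "ts": datetime.fromtimestamp(record.created, timezone.utc).isoformat(),
            "level": record.levelname,
            "event": record.getMessage(),
        }
        # Extra fields arrive via logger.info("login", extra={"user": ..., "src_ip": ...}).
        for key in self.FIELDS:
            if hasattr(record, key):
                event[key] = getattr(record, key)
        return json.dumps(event)


def build_audit_logger(path):
    """Audit logger that rotates at midnight and keeps 30 daily files (both values assumed)."""
    handler = TimedRotatingFileHandler(path, when="midnight", backupCount=30, encoding="utf-8")
    handler.setFormatter(JsonFormatter())
    logger = logging.getLogger("audit")
    logger.setLevel(logging.INFO)
    logger.handlers = [handler]
    logger.propagate = False
    return logger


def detect_failed_login_bursts(lines, threshold=5, window=timedelta(minutes=5)):
    """Return one alert per source IP that produces `threshold` failed logins inside `window`.

    Input is an iterable of JSON lines as written by JsonFormatter; successes and
    non-login events are ignored, and timestamps older than the window are dropped.
    """
    recent = defaultdict(deque)  # src_ip -> timestamps of recent failures
    alerts, alerted = [], set()
    for line in lines:
        ev = json.loads(line)
        if ev.get("event") != "login" or ev.get("outcome") != "failure":
            continue
        ts = datetime.fromisoformat(ev["ts"])
        ip = ev.get("src_ip", "unknown")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # slide the window forward
            q.popleft()
        if len(q) >= threshold and ip not in alerted:
            alerted.add(ip)
            alerts.append({"src_ip": ip, "failures": len(q), "last_seen": ev["ts"]})
    return alerts


# Constructed sample lines: one address fails six times in three minutes, another fails
# twice an hour apart (ordinary typos). Both addresses are RFC 5737 documentation ranges.
SAMPLE_LINES = [
    json.dumps({"ts": f"2024-01-15T10:{m:02d}:00+00:00", "level": "WARNING", "event": "login",
                "user": "alice", "src_ip": "203.0.113.7", "outcome": "failure"})
    for m in (1, 1, 2, 2, 3, 3)
] + [
    json.dumps({"ts": "2024-01-15T10:05:00+00:00", "level": "WARNING", "event": "login",
                "user": "bob", "src_ip": "198.51.100.9", "outcome": "failure"}),
    json.dumps({"ts": "2024-01-15T10:06:00+00:00", "level": "INFO", "event": "login",
                "user": "bob", "src_ip": "198.51.100.9", "outcome": "success"}),
    json.dumps({"ts": "2024-01-15T11:00:00+00:00", "level": "WARNING", "event": "login",
                "user": "bob", "src_ip": "198.51.100.9", "outcome": "failure"}),
]


if __name__ == "__main__":
    import os
    import tempfile

    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "audit.log")
        log = build_audit_logger(path)
        log.warning("login", extra={"user": "alice", "src_ip": "203.0.113.7", "outcome": "failure"})
        for h in log.handlers:
            h.flush()
        with open(path, encoding="utf-8") as f:
            print(f.read().strip())
    for alert in detect_failed_login_bursts(SAMPLE_LINES):
        print("ALERT", alert)
```

The detector alerts once per address rather than on every further failure, so a noisy source produces a single ticket; the sliding window means two genuine typos an hour apart never trip it.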
Application Security
Our platform is built using security-first principles to ensure robust protection against attacks. We protect against SQL Injection through the use of prepared statements and secure query building practices. Cross-Site Scripting (XSS) is mitigated by using auto-escaping mechanisms to prevent malicious script injection.
Cross-Site Request Forgery (CSRF) protection is enforced using tokens and other security controls. We also apply rate limiting on critical endpoints, such as login and APIs, to prevent abuse and brute-force attacks.
Uploaded files are validated, scanned, and sanitized to ensure they meet security requirements, including checks on file type and size.
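As an added example (not Sangam CRM's own code), the block below shows two of the controls named above in working form: a parameterized query beside the string-building anti-pattern it replaces, and an upload validator that checks size, an extension allow-list, and that the file's leading bytes match the declared type. The in-memory SQLite table, the 5 MiB limit and the allowed types are assumptions made for the example.

```python
import os
import sqlite3

# Constructed sample records; not the project's schema or data.
SAMPLE_USERS = [
    ("alice@example.com", "Alice", "admin"),
    ("bob@example.com", "Bob", "user"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def find_user_unsafe(conn, email):
    """Anti-pattern: the input is spliced into the SQL text, so it can change the query."""
    return conn.execute(
        f"SELECT email, name FROM users WHERE email = '{email}'"
    ).fetchall()


def find_user(conn, email):
    """Prepared statement: the value travels separately from the SQL and is only ever data."""
    return conn.execute(
        "SELECT email, name FROM users WHERE email = ?", (email,)
    ).fetchall()


MAX_UPLOAD_BYTES = 5 * 1024 * 1024  # assumed limit for this example
ALLOWED_TYPES = {  # extension -> leading bytes the content must start with
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".pdf": b"%PDF-",
}


def validate_upload(filename, data):
    """Return (ok, reason). Rejects oversize, empty, unlisted, or mislabelled files.

    The magic-byte check is what catches a script renamed to an image extension;
    the basename call discards any directory components a client may have sent.
    """
    name = os.path.basename(filename)
    if not data:
        return False, "empty file"
    if len(data) > MAX_UPLOAD_BYTES:
        return False, "file exceeds size limit"
    ext = os.path.splitext(name.lower())[1]
    if ext not in ALLOWED_TYPES:
        return False, f"extension {ext or '(none)'} not allowed"
    if not data.startswith(ALLOWED_TYPES[ext]):
        return False, "content does not match declared type"
    return True, "ok"


if __name__ == "__main__":
    conn = make_db()
    crafted = "' OR '1'='1"
    print("unsafe query rows:", len(find_user_unsafe(conn, crafted)))  # every row leaks
    print("prepared query rows:", len(find_user(conn, crafted)))       # no such email: 0
    for fname, blob in [("logo.png", ALLOWED_TYPES[".png"] + b"\x00" * 8),
                        ("../notes.pdf", b"%PDF-1.7 "),
                        ("fake.png", b"<?php echo 1; ?>")]:
        print(fname, validate_upload(fname, blob))
```

The point of the comparison is that the prepared statement returns zero rows for the crafted input because the database looks for a user whose address literally equals that string; no escaping or filtering of the input is involved.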
Vulnerability Management & Patching
We continuously monitor the security landscape for vulnerabilities across the entire stack, including the web server, database, framework, and third-party dependencies.
We receive alerts from trusted sources and apply patches promptly, either as part of a regular cycle or immediately in the event of critical vulnerabilities.
We perform regular vulnerability assessments and penetration testing to proactively identify and address security risks, leveraging both internal resources and external expertise.
Deployment Best Practices
We follow industry best practices to ensure secure deployments. We ensure strict separation between development, staging, and production environments to prevent configuration and data leaks.
Our deployment pipelines support secure deployment practices with versioning, rollback capabilities, and audit trails.
Database credentials are securely managed, and each application identity is granted only the database privileges it needs. TLS certificates from trusted, verified certificate authorities are installed so that connections are both encrypted and authenticated.
Compliance & Standards
Sangam CRM follows globally recognized security standards, industry best practices, and established frameworks to prevent common web vulnerabilities and harden our infrastructure.
We are aligned with major global and regional compliance frameworks, including GDPR and other relevant data protection laws.
Security policies, checklists, and a formal Incident Response Plan (IRP) are available upon request for compliance audits or reviews.
Backup & Recovery
Your data is protected against loss with encrypted daily backups for both database and file storage. Backups are periodically tested to ensure successful restoration in case of failure.
A defined retention policy ensures that backups are kept for an appropriate period, and documented RTO and RPO targets ensure that operations can resume quickly and with minimal data loss in a disaster scenario.
Incident Management
Security incidents are addressed swiftly through our Incident Response Plan (IRP). Our team is trained to detect, report, and resolve incidents in a defined timeframe. All incidents are logged, analyzed, and reviewed to improve our response strategies.
We maintain a clear communication plan for notifying stakeholders when required and ensure root cause analysis is done for every critical incident.
Architecture Diagram
Our architecture is designed with security and scalability in mind. The detailed architecture diagram outlines how user data flows through our system, how it’s encrypted in transit and at rest, and where redundancies are built in for failover and disaster recovery. By making this structure transparent, we help stakeholders assess our data protection posture with confidence.
Understanding our architecture helps our clients know where their data is hosted, how APIs are secured, how access is managed at each layer, and how we segregate client data. This is essential for risk assessments, audits, and IT security reviews on your side.
Software Bill of Materials (SBOM)
Sangam CRM maintains a comprehensive Software Bill of Materials (SBOM): a detailed inventory of all open-source and third-party components used in our platform. This allows us to monitor, manage, and quickly address any potential vulnerabilities found in the components we use.
Maintaining an SBOM is becoming a critical requirement in modern cybersecurity frameworks. It ensures software supply chain transparency, making it easier to trace security issues and respond rapidly if any component is flagged in the future.
RTO & RPO (Recovery Time & Point Objectives)
We understand that downtime directly impacts your operations. That’s why we’ve defined clear Recovery Time Objective (RTO) and Recovery Point Objective (RPO) metrics. These parameters define how quickly we can restore service after a disruption (RTO), and how much data you can afford to lose in terms of time (RPO).
By aligning these metrics with best practices and continuously testing our disaster recovery processes, we ensure business continuity for your operations. Whether it’s a natural disaster or a cyber incident, you can count on Sangam CRM to bounce back swiftly and safely.
Non-Disclosure Agreement (NDA)
We take confidentiality seriously. All our client relationships are governed by comprehensive NDAs that protect sensitive information shared during onboarding, integration, and support processes.
Whether it’s proprietary data, business workflows, or internal process documents, NDAs ensure both parties are legally bound to maintain strict confidentiality. This is a critical foundation of trust between Sangam CRM and our clients.
ISO & Data Center Certifications
Sangam CRM is hosted on infrastructure providers who meet internationally recognized standards and regulations such as ISO 27001, SOC 2, and GDPR. Our cloud infrastructure is located in Tier-4 certified data centers offering maximum uptime and physical security.
These certifications reflect our commitment to safeguarding your data at all layers—network, application, and storage. They also help reduce your audit overhead, as our compliance maps well with many industry-standard requirements.
GDPR
Sangam CRM fully aligns with the principles and requirements of the General Data Protection Regulation (GDPR), the European Union’s gold standard for data privacy and protection. We ensure that personal data is collected, processed, and stored lawfully, transparently, and with the utmost respect for user rights.
Key GDPR principles like data minimization, purpose limitation, consent management, and data subject rights (like access, correction, and deletion) are embedded into our platform’s design and operations. Whether you operate within the EU or handle EU customer data, our GDPR readiness ensures your organization remains compliant while using Sangam CRM. Our team is also equipped to support GDPR-related documentation requests, DPIAs, and DSRs (Data Subject Requests).
VAPT
We follow a proactive security strategy that includes regular Vulnerability Assessment and Penetration Testing (VAPT), threat modeling, and code reviews. External security experts and internal audits work together to continuously assess and harden our system.
By detecting and fixing vulnerabilities before they can be exploited, VAPT helps us stay ahead of emerging threats. These assessments cover all critical areas including API security, user roles, data access, and application-level threats.