Omsaa Security

Privacy Practices

We do not sell your personal information to or share it with unaffiliated third parties for their own advertising or marketing purposes without your explicit consent.

Check out our Privacy Policy for more information.

Service Infrastructure

Omsaa is hosted on secure dedicated servers co-located in a Tier 3 Data Center which provides a secure and scalable technology platform to ensure we can provide you services securely and reliably.

Perimeter Security

We have a 3-Tier Architecture which incorporates best practices from various standards and certifications.

We have strict network segmentation and isolation of environments and services in place.

Host Security

We use industry-leading solutions for anti-virus, anti-malware, intrusion prevention systems, intrusion detection systems, file integrity monitoring, application control, application and audit log aggregation, and automated patching.

Data Security

We employ separation of environments and segregation of duties and have strict role-based access control on a documented, authorized, need-to-use basis.

We use key management services to limit data access to the data team only.

Stored data is protected by encryption at rest, and sensitive data by application-level encryption.

We use data replication for data resiliency, snapshotting for data durability and backup/restore testing for data reliability.

Incident and Change Management

We have deployed mature processes around Change Management which enable us to release thoroughly tested features for you both reliably and securely.

We have an Information Security Management System in place which quickly reacts to, remediates or escalates any incidents arising out of planned or unplanned changes.

Vulnerability Assessment and Penetration Testing

We employ both static application security testing and dynamic application security testing, which are incorporated into our continuous integration / continuous deployment pipeline.

We are certified by RBI empanelled CERT-IN auditors, who will also conduct periodic external security testing and audits.

Standards and Certifications

We have fully implemented RBI Master guidelines for NBFC Account Aggregator and technical specifications.

We meet the “Data Localization” requirements as per Reserve Bank of India (RBI) guidelines. This means all our customer data securely resides inside data centers in India using WebWerks.

All compliance/audit statuses will be updated in this section of this policy.

Responsible Disclosure

We are committed to our customers' data and privacy.

The overall data and privacy security design allows us to defend our systems against everything from low-hanging issues to sophisticated attacks.

If you are a security enthusiast or a researcher and you have found a possible security vulnerability in Omsaa products, we encourage you to report the issue to us responsibly.

You can submit a bug report to us at nitin.sawant@omsaa.com with the detailed steps required to reproduce the vulnerability.

We will make our best efforts to investigate and fix legitimate issues within a reasonable time frame; in the meantime, we request that you not disclose the issue publicly.