Narmada Security Practices

We take security very seriously and have implemented multiple layers of protection as outlined below.


Data Security


  • Data is encrypted at rest and in transit
  • Access to the back-end and front-end is protected by MFA and strong passwords
  • Regular local and “offsite” backups are performed
  • Customer data is never removed outside of Azure hosted and encrypted environment


  • Data is retained for certain amount of time for the purpose of recovery
  • At the request of the client, data can be purge from all storage location to comply with GDPR or other compliance requirements or in the vent of contract termination


Physical Security

  • Data is physically stored in Azure data centers in
    • Azure West region for the US instance
    • Germany West for the EU instance
  • Physical security is provided by Azure datacenter staff


Application Security

  • Regular patching is performed
  • External and internal vulnerability scans are performed
  • Penetration tests are performed on annual basis
  • Our team follow OWASP best practices.


Security Awareness

  • Security and privacy policies are regularly reviewed and updated to stay abreast of new threats
  • All staff is regularly trained and screened