Narmada Security Practices

We take security very seriously and have implemented multiple layers of protection as summarized below.


Data Security


  • Data is encrypted at rest and in transit.
  • Access to the back-end and front-end is protected by MFA and strong passwords.
  • Regular backups are performed using multiple redundant solutions.
  • Customer data is never moved outside of Azure hosted and encrypted environment.


  • Data is retained for certain amount of time for recovery requirements.
  • At the request of the client, data can be purge from all storage location to comply with GDPR or other compliance requirements or in the vent of contract termination.


Physical Security

  • All systems and data is physically stored in Azure data centers:
    • Azure East region for the US instance with replication to Azure West region.
    • Germany West for the EU instance with replication to Azure UK.
  • Physical security is provided by Azure datacenter staff.


Application Security

  • Regular patching is performed.
  • External and internal vulnerability scans are performed.
  • Penetration tests are performed.
  • We follow OWASP best practices.


Security Awareness

  • Security and privacy policies are regularly reviewed and updated to stay abreast of new threats.
  • All staff is regularly trained and screened.