Security at Amstag Tech
Security is not a bolt-on for us, it is the discipline that our managed services, cloud, and cybersecurity practices are built on. This page summarises our own posture.
ISO 27001:2022 certified ISMS
Amstag Tech operates a certified Information Security Management System aligned with ISO/IEC 27001:2022. The scope covers our people, offices, endpoints, cloud services, and customer engagement lifecycle. Controls are reviewed internally each quarter and audited annually by an accredited certification body.
Data protection
Customer and personal data is classified, access-controlled, and encrypted in transit and at rest across our environment. Privileged access is issued on a least-privilege basis, rotated on a defined schedule, and logged to an immutable audit trail.
Secure development and change
Runbooks, infrastructure-as-code, and internal tooling live in version control, are peer-reviewed before merge, and are validated through CI. Production changes follow a documented change-management process with rollback plans and post-change verification.
Incident response
Our 24×7 SOC monitors both our own environment and customer environments under contract. Incidents are triaged against documented severity criteria, communicated to affected parties within our stated notification windows, and reviewed post-mortem to strengthen controls.
Responsible disclosure
If you believe you have discovered a security vulnerability affecting Amstag Tech or one of our public systems, please report it privately to security@amstag.in. Please do not publicly disclose the issue until we have had a reasonable opportunity to investigate and remediate. We commit to acknowledging good-faith reports within two business days.
