At Harmoney, security isn't an afterthought—it is embedded into everything we do.
As a digital-first solution designed to bring efficiency to fixed-income markets, we prioritize information security and data protection. We ensure the highest information security standards through ISO certification (ISO 2701) and compliance with SEBI.
To provide clarity on how we safeguard client data and ensure compliance, here are answers to some of the most frequently asked questions:
- Where is the platform hosted?
Harmoney's software is hosted on AWS Mumbai, leveraging best-in-class security infrastructure.
- Does Harmoney have a Business Continuity Plan (BCP) in place?
Yes, Harmoney has a robust BCP framework that allows us to switch over within seconds in case of disruptions. BCP drills are conducted at periodic intervals to ensure preparedness.
- How is chat data secured and encrypted?
All data is encrypted at rest and in motion. AES 256-bit encryption secures data at rest, while HTTPS enforcement and TLS 1.2+ encryption ensure data remains protected during transit.
- Can Harmoney employees access chat data?
No, Harmoney employees don't have access to confidential client data. We have access controls placed to prevent unauthorized use and maintain an access control register. In case of an incident, authorized personnel will be given special access to investigate - this will be communicated to the client timely.
- How is client data segregated and stored within the platform?
Harmoney logically segments client data, enabling data retrieval for a single tenant without accessing another tenant's data. Data ownership is established at a very granular level.
- How are exchange credentials stored securely?
Only administrators can set up exchange credentials for the organization, which are encrypted and stored in AWS.
- What happens when an employee leaves? How is access managed?
Harmoney's user management system grants administrators full control, allowing them to seamlessly add or remove users as needed. Additionally, Harmoney allows for IP address restriction to access.
- Does Harmoney have a managed SIEM?
Yes, managed SIEM is in place. Harmoney uses real-time monitoring of all events and logs to ensure industry-grade incident management and threat detection.
- Is VAPT conducted?
Yes, Harmoney conducts periodic Vulnerability Assessment and Penetration Testing to identify and mitigate vulnerabilities proactively.
By leveraging advanced security protocols and adhering to the highest standards of information security, Harmoney is creating a secure, efficient, and transparent ecosystem for all the market participants.
Get in touch with your Relationship Manager or contact us for any questions or follow-ups at sales@harmoney.in