Data Security Measures | OHI


Data Security Measures

Enterprise-grade protection for outsourced accounting operations. We are SOC 2 Type II and ISO certified, with policy-backed controls across physical, network, and operational layers.

Security Domains

Our framework combines audited compliance, monitored infrastructure, strict access governance, and continuity planning to keep client data protected end to end.

  • SOC 2 Type II Certified
  • ISO 27001 Certified
  • 256-bit SSL Encryption
  • 24/7 Monitoring

Physical Security

  • An access control system at the workplace entrance admits only authorized personnel to the workspace.
  • A security guard screens visitors and employees at entry and exit, including during night shifts, for data storage media such as USB drives, SD cards, and memory cards.
  • No cameras, camera phones, or digital recording media are allowed in sensitive processes or sections of our premises.
  • The entire work floor area is covered under CCTV security cameras. The feed is monitored by IT and administration departments on a regular basis.
  • Building awareness in employees regarding phishing attacks and scams.

Policy Backed Security

  • Our organization adheres to a privacy and data security policy developed in consultation with outsourcing experts. This is clearly discussed with existing and new staff to ensure complete understanding and compliance.
  • Employees sign non-disclosure agreements (NDA) with stringent data security clauses, enforceable under Indian laws including the Information Technology Act, 2000.
  • Complete background checks are conducted for employees, including references from past employers, registration with the nearest police station, and family background checks.
  • Most of our employees have prior outsourcing experience and are familiar with strict data security policies of outsourcing firms.

Data Security

  • Emails are monitored and protected through Microsoft 365 and Intune. Multi-Factor Authentication (MFA) and frequent password changes ensure mailbox access is limited to authorized personnel only.
  • Email servers are secured using Microsoft Defender, Sophos Endpoint Protection, and Microsoft Intune Data Loss Protection (DLP).
  • Access to all data is protected through 256-bit SSL encryption, ensuring secure data transmission.
  • Comprehensive security audits are conducted regularly to assess and strengthen system defenses.
  • We are actively moving toward a paperless environment, supporting both environmental sustainability and enhanced data security.
  • We adhere to globally accepted data retention, backup, and data deletion policies, ensuring responsible data lifecycle management.
  • We consistently maintain a high Microsoft Secure Score, reflecting a strong security posture and adherence to best-practice controls.

Network Protection

  • Network protection is maintained through Sophos Firewall and Microsoft Defender for both server and client-level security, defending against viruses, worms, and other malicious attacks.
  • Segmented LAN architecture ensures controlled data flow and internal containment of potential threats.
  • Multiple client-level access restrictions are enforced to limit data exposure.

Data Classification and Handling

  • Our departmental and office networks are securely segmented to contain potential threats and minimize the impact of any security incident.
  • All data is classified under clearly defined categories to enable strict information flow controls and prevent unauthorized access.
  • We ensure end-to-end encryption across all storage and transmission layers for comprehensive data protection.
  • Advanced logging and monitoring tools are deployed to detect, flag, and respond to policy violations or anomalies in real time.

PC and Shared Workspaces Security

  • OHI is fully on the Office 365 platform.
  • Individual domain accounts for each processor ensure access to source documents is restricted to authorized employees only.
  • PCs used by processors have disabled USB and CD-ROM drives.
  • Users are not permitted to use personal email accounts. Access to a variety of websites is limited and monitored.
  • Shared workspaces such as OneDrive have restricted access to assigned teams only.

Business Continuity

  • We maintain a robust Business Continuity Plan (BCP) to ensure uninterrupted delivery of critical services, even during unforeseen disruptions.
  • Key operational processes are mapped, prioritized, and supported with redundancies across infrastructure, personnel, and supply chains to maintain resilience.

Disaster Recovery

  • Our Disaster Recovery Plan (DRP) includes rapid failover capabilities, ensuring minimal disruption in the event of system failure or cyber incidents.
  • We conduct regular simulations and testing of recovery procedures to validate readiness and reduce downtime during actual emergencies.

Mail Backup

  • We implement automated daily backups of all corporate emails to ensure data integrity, retrieval, and compliance with regulatory requirements.
  • Backup systems are secured with encryption and stored in geographically redundant locations, ensuring email data is protected and quickly restorable when needed.

Compliance & Certifications

Our commitment to security is validated by industry-leading certifications and compliance frameworks.

SOC 2 Type II

Independent audit of our security, availability, and confidentiality controls. We maintain the highest standards of trust and transparency.


ISO 27001

Globally recognized standard for information security management systems, ensuring a systematic approach to managing sensitive data.


GDPR Ready

Fully compliant with EU data protection regulations. We implement privacy by design and default in all our processes.
