TCS provides consulting, IT solutions, products and services to its customers. Security is key to all of TCS' offerings. TCS' Security Management System is certified to the globally recognized ISO 27001:2013 (Information Security Management Systems - Requirements) standard and addresses key security controls. TCS has been certified "Enterprise wide" for the ISO 27001:2013 security standard, including compliance assessment for ISO 27017:2015 (Information Security Controls for Cloud Services) and ISO 27018:2019 (Protection of PII in Public Clouds as PII Processors), as well as for the ISO 22301:2012 Business Continuity standard.
The TCS Security Management System applies uniformly to all of TCS' operations, services and products / platforms, including services provided through TCS' own cloud or other cloud service providers. It defines a set of controls across all locations from which operations related to TCS offerings are carried out. TCS MasterCraft software is developed under the Standards, Procedures and Guidelines of the TCS Security Management System.
TCS MasterCraft software adheres to the Secure Software Development Lifecycle (SSDLC) guidelines prescribed in TCS' Information Security Management System. The key security practices followed in the SSDLC are summarized below:
All software requirements are evaluated for the CIA triad of Confidentiality, Integrity and Availability.
Threat models are created for the software using the STRIDE approach.
All third party software components are continuously evaluated for open vulnerabilities.
All code is continuously scanned through static application security testing (SAST).
The software is regularly scanned through dynamic application security testing (DAST).
Software is assessed for data privacy compliance requirements.
All TCS MasterCraft Product associates regularly undergo Information Security training as applicable to their roles.
Security is incorporated in all phases of the lifecycle. TCS MasterCraft uses the TCS SSA framework for this purpose. Security requirements are captured for all new applications. The software undergoes security design analysis, including threat modelling. Any change to the software goes through a change control procedure.
TCS MasterCraft software implements the following security principles under the CIA triad:
High availability is provided out of the box in the SaaS model, and for On Prem deployments the software can be deployed in high availability mode.
The MasterCraft SaaS architecture uses a multi-tenant data model to host all its data. Data for each tenant is held separately. All user data is protected from unauthorized access. The MasterCraft SaaS software is hosted in India using TCS's cloud services.
This security policy was last updated on 2nd September 2020