Our Security Posture
Security is not a checkbox at Durrani Tech — it is embedded into how we build, deploy, and operate every system. We hold ISO 27001 certification and maintain SOC 2 Type II compliance across our client delivery operations.
Infrastructure Security
All client workloads are deployed on SOC 2-compliant cloud infrastructure (AWS, Azure, GCP). We enforce least-privilege access controls, network segmentation, and automated vulnerability scanning. Data in transit is encrypted using TLS 1.2+; data at rest is encrypted using AES-256.
Application Security
Our engineering teams follow OWASP Top 10 guidelines during development. All code changes undergo peer review and automated static analysis. Dependency scanning is integrated into every CI/CD pipeline. Penetration tests are conducted annually against client-facing applications.
Access Management
We enforce multi-factor authentication (MFA) for all internal systems. Privileged access management (PAM) controls are in place for production environments. Employee access is reviewed quarterly and revoked immediately upon offboarding.
Incident Response
We maintain a documented Incident Response Plan aligned with NIST SP 800-61. In the event of a security incident affecting client data, we commit to notifying affected clients within 72 hours of discovery, as required by applicable data protection regulations.
Employee Training
All Durrani Tech employees complete mandatory security awareness training at onboarding and annually thereafter. Role-specific training is provided for engineering and operations staff with access to sensitive systems.
Responsible Disclosure
If you believe you have discovered a security vulnerability affecting Durrani Tech systems or client-facing applications, please report it responsibly to security@durranitech.com. We commit to acknowledging receipt within 48 hours and working with researchers to resolve confirmed vulnerabilities.
Certifications & Compliance
ISO 27001:2022 — Information Security Management System.
SOC 2 Type II — Security, Availability, and Confidentiality Trust Service Criteria.
GDPR compliance for European data subjects.
DPDP Act compliance for Indian data subjects.