Security at RedNek

As a cybersecurity company, security is not a feature — it is the foundation of everything we build and operate. This page describes how we protect our infrastructure, your data, and our people.

Last updated: 22 May 2026

Our Security Program

A layered, defense-in-depth approach that covers people, processes, and technology.

Encryption

All data in transit is protected with TLS 1.2 or higher. Sensitive data at rest is encrypted using AES-256. Encryption keys are managed via hardware security modules (HSMs) with annual rotation.

Access Control

Role-based access control (RBAC) enforces least-privilege principles across all systems. Multi-factor authentication (MFA) is mandatory for all employees and privileged accounts. Privileged Access Management (PAM) governs access to critical infrastructure.

24/7 SOC Monitoring

Our own 24/7 Security Operations Center monitors our infrastructure in real time using SIEM correlation, behavioral analytics, and threat intelligence feeds. Anomalies trigger automated alerts and human-led investigation.

Infrastructure Security

All production systems are hosted on hardened, regularly patched infrastructure. Network segmentation, Web Application Firewalls (WAF), and DDoS mitigation are applied at all perimeters. CIS Benchmarks guide our baseline hardening.

Vulnerability Management

We conduct quarterly internal vulnerability scans and annual third-party penetration tests. Critical findings are remediated within 24 hours; high findings within 7 days. Our own VAPT team continuously validates our posture.

Security Awareness

All employees undergo security awareness training at onboarding and annually thereafter. Phishing simulations are conducted quarterly. Developers receive annual secure coding training aligned with OWASP standards.

Compliance & Certifications

Our security program is aligned with ISO/IEC 27001, NIST Cybersecurity Framework, and SOC 2 Type II principles. We support clients in meeting GDPR, HIPAA, PCI DSS, and India's DPDPA requirements.

Incident Response

We maintain a documented Incident Response Plan tested through tabletop exercises twice per year. In the event of a breach affecting your data, we commit to notifying affected clients within 72 hours of confirmation.

Third-Party Risk

All vendors and subprocessors undergo security assessments before onboarding and are reviewed annually. Binding data processing agreements are in place with all third parties that handle personal or sensitive data.

Secure Development Lifecycle

RedNek follows a Secure Development Lifecycle (SDLC) for all internal software and client deliverables. Security is integrated at every stage — from requirements through design, implementation, testing, and deployment.

Design

  • Threat modeling (STRIDE)
  • Security architecture review
  • Data flow analysis

Development

  • Secure coding guidelines (OWASP)
  • Mandatory peer code review
  • Pre-commit secret scanning

Testing

  • Automated SAST and DAST
  • Dependency vulnerability scanning (SCA)
  • Manual security testing

Deployment

  • Infrastructure as Code security linting
  • Immutable deployments
  • Change management approval workflow

Responsible Disclosure Policy

We appreciate and encourage responsible security research. If you believe you have discovered a security vulnerability in our systems, we ask that you report it to us privately so we can investigate and remediate before public disclosure.

Scope

  • Our primary website and web applications at https://www.rednek.co.in
  • Client-facing portals operated by RedNek
  • RedNek's internal infrastructure (where discoverable without unauthorized access)

Out of Scope

  • Third-party services or infrastructure we do not own or control
  • Social engineering attacks targeting our staff
  • Physical security testing
  • Denial-of-service (DoS/DDoS) testing

Our Commitments

  • Acknowledge your report within 3 business days
  • Provide an initial assessment within 10 business days
  • Keep you updated on remediation progress
  • Not pursue legal action against researchers who follow this policy in good faith
  • Credit researchers in our security acknowledgements (if desired)

To report a vulnerability:

security@rednek.co.in

Please encrypt sensitive reports using our PGP key, available on request.

Security Questions?

For security-related inquiries, audit requests, or to request a copy of our security documentation, reach out to our security team.