Infinity Fabric LLC is committed to maintaining the highest security and compliance standards to protect sensitive data and ensure the integrity of its systems. Below are the measures and protocols implemented across the company:

1. Multi-Factor Authentication (MFA)

• Hardware Security Keys (YubiKey):
  • All employees and contractors are required to use hardware-based USB security keys for login. These provide an additional layer of protection by requiring physical possession of the key to access systems.
• Two-Factor Authentication (2FA):
  • Enabled across all platforms using authenticator apps on smartphones or email-based codes for a secondary verification step.

2. Email Security

To ensure secure communication and prevent spoofing or phishing attacks, the following email security protocols are implemented:

• DMARC (Domain-based Message Authentication, Reporting, and Conformance):
  • Verifies that emails sent from company domains are authentic.
• DKIM (DomainKeys Identified Mail):
  • Digitally signs outgoing messages to confirm their origin.
• SPF (Sender Policy Framework):
  • Restricts on which servers can send emails on behalf of the company domain.

3. Website Security

• SSL Certificates:
  • All company websites, including support portals, are secured using SSL encryption to ensure data exchanged is protected from unauthorized access.
• Monitoring and Updates:
  • Regular monitoring and updates are conducted to maintain robust website security and eliminate vulnerabilities.

4. Compliance Features

• Zoho Compliance Features:
  • All compliance tools in Zoho are enabled to adhere to GDPR, ISO standards, and other regional regulations.
  • Built-in features include audit logs, data encryption, and role-based access controls.
• Company-Wide Policies:
  • All team members must follow strict compliance protocols for handling sensitive data and report any unusual activity immediately.

5. Breach Protocols

In the unlikely event of a security breach:

1. Immediate Notification:
   • All users will be notified of the breach as soon as it is identified.
2. System Shutdown and Isolation:
   • Systems will be temporarily taken offline to prevent further damage.
3. Investigation by Authorities:
   • Relevant law enforcement and cybersecurity agencies will be contacted to conduct a thorough investigation.
4. Perpetrator Accountability:
   • Efforts will be made to prosecute and punish the perpetrators to the full extent of the law.
5. Incident Reporting:
   • A full incident report will be shared with all stakeholders detailing the breach and preventive measures implemented.

6. User Responsibilities

• Mandatory Security Measures:
  • All users must use assigned hardware security keys and enable 2FA for all company accounts.
• Periodic Training:
  • Employees and contractors will undergo regular security training to stay updated on best practices and threat awareness.
• Immediate Reporting:
  • Any lost hardware keys, suspicious activity, or phishing attempts must be reported to IT immediately.

7. Ongoing Monitoring and Updates

• System Audits:
  • Regular system audits are conducted to identify vulnerabilities and ensure all compliance measures are up to date.
• Software Updates:
  • All devices and applications are updated regularly to patch security flaws.
• External Assessments:
  • Periodic penetration testing and third-party security assessments are conducted to validate the robustness of our systems.