Security Policy

This security policy (the “Security Policy”) is prepared by SynOption Pte Ltd (“SynOption”) and contains important information about how SynOption addresses the security of your data while using www.synoption.com and optimus.synoption.com and their subdomains (“Platform”).

This Security Policy may be updated from time to time. We encourage you to check the latest version of this Security Policy regularly.

This Security Policy applies to information we collect about:

  1. visitors to our websites and Platform;
  2. people who register their emails, phone numbers and other personal or sensitive data with us for availing of Services on the Platform.

Your trust is very important to us and data security for us is of prime importance. To help you feel safe when you visit our Platform, we observe industry standard cyber security practices at the data, application, database, operating systems and network layers to adequately address and contain threats. Measures are implemented to protect sensitive or confidential information such as customer personal, account and transaction data which are stored and processed in systems. Data loss prevention strategy is implemented which includes protection of data at endpoints, data at rest and data in transit. Encryption algorithms are of only approved standards by the company. We make use of SSL to encrypt communications between our Platform to the backend services. An authenticated session, together with its encryption protocol, remains intact throughout the Platform’s interaction with you. We scan our Platform regularly for any vulnerabilities and resolve issues on a priority basis. This helps to keep you safe from attacks like Man-in-The Middle.

Customers are properly authenticated before access to online transaction functions and sensitive personal or account information is permitted. Access to the platform requires IP whitelisting, username/password and mobile based 2 Factor Authentication. Rigorous testing of systems is conducted to verify the security of the platform. Source code is reviewed and tested for security considerations. This covers measures to detect and correct information leakage, resiliency against input validation, unsafe programming practices, exception handling, logging and management of cryptographic functions.

Access control, both internally and externally, employs role based access control adopting the principle of least privilege. IT systems and devices are configured with security settings that are consistent with the expected level of protection. Network security devices, such as firewalls as well as intrusion detection and prevention systems, are installed at critical junctures to protect network perimeters with appropriate oversight on network rules and access controls. Patch management of systems is carried out to address security vulnerabilities that arise. The process includes the identification, categorisation and prioritisation of security patches. Security logs are maintained across systems to facilitate monitoring, detection and response of security events. Annual Vulnerability assessment and penetration testing is carried out to detect security vulnerabilities in the IT environment and such vulnerabilities are classified and addressed appropriately. These include testing for OWASP top 10 vulnerabilities.

An online session is automatically terminated at end of business day unless the customer is re-authenticated. In the event of interference, measures have been put in place to terminate the session, to resolve or reverse out the affected transactions and to inform you of the same.

We commit to protect the confidentiality, integrity and availability of business information, information processing facilities and provide a secure work environment to our client, employees and stakeholders.

In addition to the above, we strive to develop and implement relevant and cost-effective information security controls by:

  • Classifying all business and client information as per sensitivity;
  • Proactively assessing information assets risks and implementing practical and cost-effective controls to mitigate identified risks;
  • Controlling changes to information systems;
  • Handling security incidents through an efficient incident response process;
  • identifying, building and maintaining the competency of our employees to effectively manage the policy requirements;
  • Providing continuous information security awareness and education to employees and clients;
  • Preventing interruption to business processes by implementing business continuity program;
  • Continuously monitoring all information system to detect and prevent unauthorized activities;
  • Periodically reviewing this policy for its continued suitability and applicability;
  • Providing adequate resources required to manage and support effective implementation of this Security Policy.

We strongly urge all our clients, employees and stakeholders to acknowledge their responsibility in respect of maintaining the security of data of our clients and provide positive contribution to information security in conjunction with this Security Policy.

To help us achieve the above objectives, we urge you to:

  1. Install anti-virus, anti-spyware and firewall software in your personal computers and mobile devices;
  2. Update operating systems, anti-virus and firewall products with security patches or newer versions on a regular basis;
  3. Remove file and printer sharing in computers, especially when they are connected to the internet;
  4. Make regular backups of critical data;
  5. Consider the use of encryption technology to protect highly sensitive or confidential information;
  6. Log off the online session and clear the browser cache after the online session;
  7. Not install software or run programs of unknown origin;
  8. Delete junk or chain emails.;
  9. Not open email attachments from strangers;
  10. Not disclose personal, financial or credit card information to little-known or suspect websites;
  11. Not use a computer or a device which cannot be trusted;
  12. Not use public or internet café computers to access online services or perform financial transactions;
  13. Check that the Platform address changes from ‘http://’ to ‘https://’ and a security icon that looks like a lock or key appears when authentication and encryption is expected and report otherwise to us;
  14. Check the authenticity of the Platform by comparing the URL and our name in our digital certificate or by observing the indicators provided by an extended validation certificate;
  15. If you receive any SSL server security warning about the Platform, inform us immediately of warning messages on the Platform;
  16. Not reveal user IDs, passwords, security tokens, OTPs etc to any other person;
  17. Check your account information and transactions frequently and report any discrepancy to us immediately.