Information Security Statement
Our Commitment
At Coforge, we are committed to protecting the confidentiality, integrity, and availability of the information entrusted to us. Our integrated security and privacy program is aligned with globally recognised standards, enabling strong governance, continuous risk monitoring, and the implementation of robust technical and organisational safeguards.
The leadership at Coforge exercises ongoing governance over information security endeavours, upholding explicit accountability and instituting regular reviews. This steadfast commitment strengthens transparency, augments organisational resilience, and guarantees the committed protection of information in all its forms.
Technology drives our growth, and security safeguards our future. Our vision is to build a secure, intelligent, and sustainable digital ecosystem that empowers people and reinforces resilience. By investing in next-generation platforms, cyber intelligence, and strong governance, we embed security, innovation, and ESG principles into everything we do, shaping a trusted, future-ready enterprise for a rapidly changing world.
Jayant Goyal
Chief Information Officer
In an increasingly complex digital landscape, cybersecurity is a strategic enabler of trust, resilience, and sustainable growth. Our approach is anchored in foresight, intelligence, and strong governance, designed to anticipate emerging risks while seamlessly supporting business innovation.
Rakesh Sharma
Chief Information Security Officer
The areas below represent the core pillars of our security, governance, and digital responsibility framework. Together, they ensure that our systems, people, and partners operate securely, ethically, and resiliently in a rapidly evolving digital landscape.
Governance, Risk & Compliance
Coforge operates within a comprehensive Information Security Management System (ISMS), Business Continuity Management System (BCMS), and Privacy Information Management System (PIMS), aligned with globally recognized standards, including ISO/IEC 27001, ISO/IEC 22301, ISO/IEC 27701, NIST, CIS Benchmarks, and SOC 2.
These frameworks enable us to embed security, privacy, and operational resilience consistently across all layers of our organization.
- A well-defined Information Security, Privacy, and Business Continuity governance framework reinforced through leadership oversight, clear accountability, and periodic management reviews.
- A specialized and dedicated Information Security and Privacy function responsible for governance execution, regulatory compliance, and continuous maturity of the security and privacy programs.
- A defined Risk Management & Resilience framework supported by business continuity and incident response capabilities to sustain operational resilience.
- Integrated Privacy Governance aligned with EU GDPR, India DPDPA, and other applicable international privacy regulations.
- A structured continual improvement cycle ensuring our defenses remain resilient against evolving threat landscapes and business changes.
Access Control & Identity Management
We enforce access controls grounded in the principle of least privilege to ensure users only access what they need to perform their roles. Our identity management practices rely on robust role-based access frameworks that maintain clear separation of duties and minimise risk. By continuously reviewing and refining access entitlements, we uphold a secure and well-governed access environment across all systems.
- Secure authentication protocols, including Multi-factor Authentication (MFA) across systems.
- Regular access reviews to ensure privileges match job responsibilities.
- Centralised identity management with automated provisioning and deprovisioning.
- Segregation of duties enforced across sensitive processes.
Security Monitoring & Threat Management
Coforge maintains proactive security monitoring capabilities that continuously observe enterprise environments to detect anomalies and potential threats. Our threat management processes integrate advanced detection and response techniques to enable early risk identification, reduce response times, and strengthen overall cyber resilience.
- Critical systems and infrastructure are continuously monitored by a 24×7 Security Operations Center (SOC), leveraging global threat intelligence feeds to proactively identify, analyse, and respond to emerging cyber threats in real time.
- Industry-leading threat detection and response capabilities, including Security Information and Event Management (SIEM), Endpoint Detection and Response (EDR), Data Loss Prevention (DLP), Security Orchestration, Automation, and Response (SOAR), and other behavioural and anomaly detection platforms are implemented to enhance security visibility, accelerate incident response, and reduce operational risk.
- Attack surface and exposure management practices incorporating AI-driven risk prioritisation and rapid vulnerability remediation are employed to enable faster risk reduction and strengthen cyber defence resilience across the enterprise.
Secure Infrastructure & Cloud Security
Coforge infrastructure is designed using secure architecture principles that emphasise resilience, segmentation, and strong control baselines. We apply hardened configurations across systems and cloud environments to reduce exposure and strengthen our overall security posture. By combining these practices with continuous monitoring and modernisation, we ensure a secure and dependable foundation for all digital operations.
- Segmented networks with strong firewall and IDS/IPS controls.
- Cloud environments configured following shared responsibility models and leading security best practices.
- Regular backup validation and continuity planning to ensure resilience and availability.
Business Continuity & Resilience
Coforge continually strengthens its cyber resilience by enforcing defined security governance, driving proactive threat management, and safeguarding critical systems and services. We actively implement information security controls to identify and manage cyber risks, sustain service availability, prevent unplanned disruptions, and uphold regulatory and contractual compliance. Through this ongoing commitment, we ensure the secure, dependable, and resilient operation of business processes across the organisation.
- Coforge maintains a formal Incident Response and Business Continuity framework, defining procedures for the detection, containment, eradication, and recovery of security incidents, with continuity measures aligned to established Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO).
- Response readiness and operational resilience are validated through periodic incident simulations, tabletop exercises, and routine testing of Business Continuity and Disaster Recovery (BCP/DR) plans, ensuring continuity of critical business operations.
- Clear escalation paths and communication channels are established to support timely decision-making, transparency, and effective impact minimisation during security and operational incidents, in alignment with contractual and regulatory requirements.
Supplier Security & Sustainability Governance
Coforge actively manages cybersecurity risks across its supplier and vendor ecosystem, ensuring that third-party partners uphold security, privacy, and resilience standards consistent with our internal expectations. We align these practices with our broader sustainability commitments by promoting responsible sourcing, ethical data handling, risk-based onboarding, structured assessments, contractual safeguards, and accountable vendor relationships across our digital supply chain.
- Conduct vendor security assessments before onboarding and perform scheduled periodic reviews to evaluate ongoing compliance and risk posture, supporting responsible and sustainable supplier governance across our ecosystem.
- Clearly establish confidentiality, data protection, and security obligations within all vendor contracts to ensure enforceable controls, ethical data handling, and accountable partnerships throughout the supply chain.
- Apply a risk-based supplier onboarding process that tailors security requirements to each supplier’s risk profile, promoting responsible sourcing practices and ensuring appropriate safeguards are embedded from the outset.
Workforce Training, Awareness & Digital Responsibility
Coforge cultivates a culture of digital responsibility by equipping its workforce with continuous awareness, training, and guidance to use technology safely, ethically, and securely. Every employee is empowered to protect information, respect privacy, and practice responsible digital behaviour as a core part of day-to-day work. As people form a critical line of defence, Coforge strengthens a sustainable security and privacy culture through:
- Delivering pre-onboarding training and assessments that embed security and privacy expectations from the first day of employment.
- Delivering information security and privacy compliance programs using interactive, scenario-based learning modules that build practical understanding and reinforce consistent, responsible behaviour.
- Training employees to identify and report phishing attempts through realistic, controlled simulations that develop recognition skills and reduce human factor risk.
- Advancing digital responsibility through leadership-driven security campaigns supported by targeted communication, including concise advisories, awareness newsletters, and visually impactful workspace reminders that encourage secure behaviour.
- Promoting an environment of accountability by maintaining clear reporting mechanisms and proportionate, fair responses that reinforce security as a shared organisational responsibility.
Across all initiatives, Coforge integrates principles of sustainability and environmental responsibility by prioritizing digital-first learning methods, reducing physical material use, and fostering ethical, responsible use of technology throughout the workforce.
Digital Ethics - Responsible Handling of Customer & Employee Data
Coforge promotes responsible digital practices by ensuring that customer and employee data is handled securely, ethically, and with accountability. Our approach reinforces trust by protecting information throughout its lifecycle and aligning security operations with our broader sustainability commitments.
- Responsible data handling practices govern the collection, use, storage, and security of information, ensuring fairness and transparency.
- Information security controls emphasise accountability, data minimisation, purpose clarity, and disciplined retention to reduce risk and support responsible, sustainable operations.
- Security measures align with globally accepted frameworks and regulatory expectations, strengthening the protection of individual rights through secure processing, controlled access, and clear mechanisms for managing data subject requests.
Certifications
We continuously evaluate, test, and enhance our security controls to stay ahead of evolving threats. Our goal is to maintain an environment where our customers, partners, and employees can operate with confidence, knowing their information is protected with the highest level of care and professionalism.
For questions or security-related concerns, please contact: Information.Security@Coforge.com