Security

Last updated: June 19, 2026

At DigiIMS, we take the security of your data seriously. Educational institutes trust us with sensitive student, staff, and financial information, and we are committed to protecting it with industry-leading security practices.

1. Data Encryption

  • In Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3
  • At Rest: Sensitive data is encrypted using AES-256 encryption
  • Database: All database connections use encrypted channels

2. Infrastructure Security

  • Hosted on enterprise-grade cloud infrastructure
  • Regular security patches and system updates
  • Network-level firewalls and intrusion detection systems
  • DDoS protection and mitigation
  • Isolated tenant environments for data separation

3. Access Control

  • Role-based access control (RBAC) for all users
  • Multi-factor authentication support
  • Session management with automatic timeout
  • IP-based access restrictions available
  • Audit logs for all administrative actions

4. Data Backup & Recovery

  • Automated daily backups with 30-day retention
  • Geographically distributed backup storage
  • Regular disaster recovery testing
  • Point-in-time recovery capability
  • 99.9% uptime SLA

5. Application Security

  • Protection against OWASP Top 10 vulnerabilities
  • SQL injection prevention through parameterized queries
  • Cross-site scripting (XSS) protection
  • Cross-site request forgery (CSRF) tokens
  • Input validation and sanitization
  • Secure file upload handling

6. Compliance

  • GDPR-compliant data handling practices
  • Regular security audits and assessments
  • Data processing agreements available
  • Privacy by design principles

7. Incident Response

We maintain a comprehensive incident response plan that includes:

  • 24/7 monitoring and alerting systems
  • Defined escalation procedures
  • Notification within 72 hours of confirmed breaches
  • Post-incident analysis and remediation

8. Employee Security

  • Background checks for all team members
  • Security awareness training
  • Principle of least privilege access
  • Confidentiality agreements

9. Reporting Security Issues

If you discover a security vulnerability, please report it responsibly:

  • Email: digiimsnepal@gmail.com
  • Phone: +977 9810631146

We appreciate responsible disclosure and will acknowledge your report within 48 hours.