MYNDHRX
Updated on: October 30, 2025
MYNDHRX

About MYNDHRX

MYNDHRX includes: Employee Information Portal (EIP), Leave, Attendance & Separation modules where an employee can view & manage his/her personal & official information, can Mark-In & Mark-Out for the day and can do all the basic needed activities on a day to day life of an Employee Life Cycle.

Security FAQ
Security & Compliance

Frequently Asked Questions

Comprehensive answers to your security, compliance, and data protection questions about MYNDHRX.

Q1. Does MYND adhere to Information Security Standards?

We have an Information Security Management System (ISMS) in place derived from ISO standards, which takes into account our security objectives and the risks and mitigations concerning all the interested parties. We have achieved ISO 27001 certification to demonstrate our compliance with the standards.

Q2. Will MYND employees have access to our data and what data will they have access to?

Access to your data is restricted to a small number of employees on a need-to-know basis in order to provide you technical support. This access is reviewed periodically.

Q3. Is data stored on MYND cloud products encrypted?

We encrypt customer data both in transit and at rest. Data at rest is encrypted using industry-standard AES-256. All customer data is encrypted in transit over public networks using Transport Layer Security (TLS) 1.2/1.3

Q4. How is customer data segmentation implemented in MYND cloud services?

Our framework distributes and maintains the cloud space for our customers. Data of multiple customers is logically separated from each other and our framework ensures that no customer's service data becomes accessible to another customer.

Q5. How does MYND protect itself against DDoS attacks?

We use technologies from well-established and trustworthy service providers, who offer multiple DDoS mitigation capabilities to prevent disruptions caused by such attacks.

Q6. Does MYND conduct Vulnerability assessment & penetration tests?

Yes, we conduct Vulnerability assessment & penetration testing annually by third party.

Q7. Does MYND have an incident response program?

We have a dedicated Incident Response Team which is responsible for incident detection, assessment, and recovery activities. In cases where we are controllers of data and an incident leads to a data breach, the affected customers will be notified within 72 hours after we become aware of it. In cases where we are processors of data and an incident leads to a data breach, the respective controllers will be informed without undue delay. For incidents specific to an individual user or an organization, we will notify the concerned party through email (using their primary email address). The Complete report will be provided to customers on request within 5 to 7 working days.

Q8. What are MYND responsibilities in the event of a security incident?

We notify the incidents that apply to you, along with suitable actions that you may need to take. We track and close the incidents with appropriate corrective actions. Whenever applicable, we provide you with necessary evidences regarding incidents that apply to you. Root Cause Analysis will be provided on request.

Q9. As a customer of MYND, what are the additional security options I have to protect my data?

Additional security features that can be availed by customers:

  • Multi factor Authentication
  • Configurable password policy
  • IP restrictions
  • Role based Access control
  • Encryption for custom fields
  • Account activity audit

Q10. If a customer discontinues MYND service, how long is their data retained?

We hold the data in your account as long as you choose to use MYND Services. Once you terminate your MYND user account, your data will eventually get deleted from active database immediately and we will share the destruction certificate to the client.

Q11. What is MYND's business continuity and disaster recovery plan?

We have a business continuity plan and Disaster Recovery Plan in place. Our Data Center in Mumbai and DR in Delhi with RTO (8 hours) and RPO (2 hours)

Q12. What is your risk assessment process? How often is risk assessment performed?

We have a risk assessment policy and procedure to identify, analyze and mitigate risks by implementing appropriate controls. We perform risk assessment for every major change that happens in our environment. The overall risks are reviewed and updated once in a year.

Q13. What is your employee background verification policy?

Each employee undergoes a process of background verification. We hire reputed external agencies to perform this check on our behalf. We do this to verify their criminal records, previous employment records if any, and educational background. Until this check is performed, the employee is not assigned tasks that may pose risks to users.

Q14. What certifications does MYND possess to demonstrate its compliance with standards?

We are certified in ISO 27001:2022 and ISO 27701:2019, and compliant with SOC 1 Type II and SOC 2 Type II across Security, Confidentiality, Processing Integrity, Availability, and Privacy. Annual ISO and SOC audits are conducted, covering all critical and essential controls.

Q15. Do we have documented Information Security Policy?

Yes, MYND has documented and approved Information Security policy in place. MYND is committed to protect the Confidentiality, Integrity, and Availability of information entrusted to it by its stakeholders, and will strive to be compliant to all relevant and applicable legal, regulatory, statutory and contractual obligations. We are also committed to continually improving the ISMS by adopting the best practices and Technology prevalent in the Industry.

Q16. Is there a cross-organizational committee that meets regularly on cybersecurity issues?

Yes, we have Information Security Steering Committee is in place and half yearly meeting is being conducted to ensure the information security is being followed and maintained

Q17. Specifically how do you protect customer information?

a. MYND network is accessible by employees only if authorized by an appropriate login and password. We have a password protected screen saver and desktop locking mechanism is activated when the workstation is unattended. USB are blocked for the users and Acceptable use policy is in place. Data at rest is encrypted with AES256 bit.

b. Under ISO 27001 information security framework we have included all IT Systems Controls to maintain the Data Security at each layer, and each data state: - Data security policy includes to cover Data Integrity, Confidentiality, and Availability. - Data in rest: - All data in rest is encrypted at our systems with AES algorithm mechanism. - Data in Transit: - is encrypted at transport layer using TLS strong encryption over.

Q18. When was last time you had a cybersecurity assessment performed by a third-party organization? What were the results of that?

External audit of ISO27001:2013 done by third party (BSI). MYND has done surveillance audit of Information Security Management System in Dec'23 with no Non conformity and observation.

Q19. Briefly describe your organization's approach for appropriately classifying / categorizing IT assets, information, and data.

We have Data Classifying and asset management is in place. Based on type of information, it is labelled as restricted, confidential, internal, and public

Q20. Is the data and media (cloud, disc, thumb drives, paper, archival data, backup records, etc.) destroyed to a status of unrecoverable (compliant to which data wiping and shredding standards)?

All electronic scrap items like Hard disk, compact disk, magnetic tapes, computer accessories etc. are handed over to government approved e-recycler agency for safe disposal and paper records shall be disposed of as per the framed retention and destruction schedule using the paper shredder.

Q21. Are background checks completed on new hires / contractors prior to gaining access to client data / supporting environments?

We have background verification process and NDA is signed for all employees. For contractors, we have an NDA and Background verification clause with the contracting company in our agreement.

Q22. What Frontend – Technology is being used?

Frontend – Technologies are asp.net MVC, HTML5, bootstrap3, Jquery

Q23. What is the programming language for MYNDHRX?

We are using Microsoft .Net language

Q24. What is the Platform infrastructure Uptime?

As per SOP, infrastructure uptime is followed to be higher than 99.95%

Q25. How often do you enforce password expiration for accounts using single factor authentication?

Password policy expiration for account is 365 days configured

Q26. What is the password policy followed by MYNDHRX?

The default MYNDHRX password policy ensures minimum of 8 characters with stronger complexity of numeric and special characters combination.

Q27. Is initial assigned password forced to be changed upon first login?

No initial password is provided to any user in the system. User needs to reset a password directly in the product.

Q28. What is the software bill of material (SBOM) for MYNDHRX?

The following components are used in the MYNDHRX project:

  • Angular (Version 19.0.0): This is used for the front-end web interface and is sourced from npm install -g @angular/cli.
  • ASP.NET Core (Version 6): This is the backend API, with its source being https://github.com/dotnet/aspnetcore.
  • C# (Version 10): This is also used for the backend API.
  • MySQL (Version 8): This is another component of the backend API.
  • ng-bootstrap CSS (Version 13.1.1): This is a custom style sheet that comes from a local project file.
  • Visual Studio (Version 2022): This is the Integrated Development Environment (IDE) used for .NET development, with its source being https://visualstudio.microsoft.com.