Royal Enfield Motors Ltd. Royal Enfield

Question	Answer
How does the company identify, assess, and mitigate risks associated with its information security program?	Yes. The company has a comprehensive risk management process that includes identifying, assessing, and mitigating information security risks. The process involves conducting regular risk assessments, analyzing threats and vulnerabilities, determining risk levels, recommending controls, and implementing mitigation strategies. This is done through a structured approach that includes asset identification, threat and vulnerability analysis, impact assessment, and risk treatment.
what is questionaire?	Not applicable.
Do you use endpoint detection and response (EDR) for all company devices?	No. While we have comprehensive security measures in place, including antivirus software and device encryption, our current policy does not specifically mention the use of endpoint detection and response (EDR) for all company devices. Our workstation policy focuses on general security practices like encryption, antivirus software, and proper device usage, but does not explicitly require EDR.
How often do you conduct internal security risk assessments?	Yes. We conduct security risk assessments on a periodic basis. Our policy requires performing additional risk assessments that reexamine reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information at least annually. We also reassess the sufficiency of existing safeguards to control these risks during these periodic assessments.
Do you have a formal Information Security Management System (ISMS) in place?	Yes. We have a formal Information Security Management System (ISMS) in place. Our ISMS includes comprehensive policies and procedures covering various aspects of information security, regular risk assessments, and defined roles and responsibilities for managing information security across the organization.
How does your organization ensure administrative functions related to provided services, including those pertaining to customer IaaS, PaaS, or SaaS instances, are securely performed. For example, is all administration conducted from a secure Administrative web interface?	Yes. We ensure secure administration of our services through a combination of strict access controls, secure channels, and comprehensive monitoring. All privileged access to servers is conducted via encrypted network connections such as SSH or IPSec. We implement the principle of least required access for all administrative functions. Additionally, we maintain detailed logs of all administrative activities, which are regularly reviewed for any anomalies or unauthorized access attempts.
Do the forms in refered to in question P6.3 clearly describe the purposes for which personal information is being collected? (If so please provide verbiage from application form.)	Not applicable.
Original	Not applicable.
Does the lab owner ensure that, in the event of a transfer or departure, user access is de-provisioned on a timely basis?	Yes. We have robust procedures in place to ensure timely de-provisioning of user access upon transfer or departure. Our policy mandates that user accounts be de-provisioned within one business day of termination, with emergency terminations performed immediately. This process includes revoking all credentials and access privileges, ensuring comprehensive security.
Is there a recognizable perimeter or a secure perimeter between the Reception Zone and the Operations Zone?	Not Applicable.
Is the facility located in an area unlikely to experience serious man-made accidents, riots, and related problems? (e.g. tornado, earthquake, railway, airport)	Not applicable.
Is the Data Centre set up in a Rack and stack formation?	Not applicable.
Is there any cyber security awareness training is conducted in your organization?	Yes. We conduct comprehensive cybersecurity awareness training for our employees. This training covers various aspects of information security, including safeguarding sensitive information, recognizing and reporting security threats, and understanding legal responsibilities. Our approach ensures that all employees are well-equipped to maintain a strong security posture.
Does the Company Information Security Management Program contain data retention and destruction policies?	Yes. Our Information Security Management Program includes comprehensive data retention and destruction policies. These policies outline specific procedures for securely storing data during its lifecycle and properly disposing of information when it is no longer needed. This ensures we maintain data integrity, comply with regulatory requirements, and protect sensitive information from unauthorized access or exposure.
Does your organization's Service Level Agreement (SLA) provide for at least 99.995% availability in all facilities?	No. Our organization's Service Level Agreement (SLA) does not specifically provide for 99.995% availability in all facilities. However, we have robust business continuity and disaster recovery strategies in place. We rely on AWS availability commitments and SLAs for production uptime, and have measures to ensure critical services can be quickly restored in case of disruptions.
How does your organization support the integration of monitoring, auditing, and alerting systems with existing customer monitoring infrastructure?	Not applicable.
faq question	faq answer
Question	Answer
test	retest
How often did your organization conducts the soc audits	Annually
Do you have a risk assessment plan and policy	Yes
qes	ans
jnlm	jlk mnnnnnnnnnnnnnn

Question

Answer

How does the company identify, assess, and mitigate risks associated with its information security program?

Yes. The company has a comprehensive risk management process that includes identifying, assessing, and mitigating information security risks. The process involves conducting regular risk assessments, analyzing threats and vulnerabilities, determining risk levels, recommending controls, and implementing mitigation strategies. This is done through a structured approach that includes asset identification, threat and vulnerability analysis, impact assessment, and risk treatment.

what is questionaire?

Not applicable.

Do you use endpoint detection and response (EDR) for all company devices?

No. While we have comprehensive security measures in place, including antivirus software and device encryption, our current policy does not specifically mention the use of endpoint detection and response (EDR) for all company devices. Our workstation policy focuses on general security practices like encryption, antivirus software, and proper device usage, but does not explicitly require EDR.

How often do you conduct internal security risk assessments?

Yes. We conduct security risk assessments on a periodic basis. Our policy requires performing additional risk assessments that reexamine reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information at least annually. We also reassess the sufficiency of existing safeguards to control these risks during these periodic assessments.

Do you have a formal Information Security Management System (ISMS) in place?

Yes. We have a formal Information Security Management System (ISMS) in place. Our ISMS includes comprehensive policies and procedures covering various aspects of information security, regular risk assessments, and defined roles and responsibilities for managing information security across the organization.

How does your organization ensure administrative functions related to provided services, including those pertaining to customer IaaS, PaaS, or SaaS instances, are securely performed. For example, is all administration conducted from a secure Administrative web interface?

Yes. We ensure secure administration of our services through a combination of strict access controls, secure channels, and comprehensive monitoring. All privileged access to servers is conducted via encrypted network connections such as SSH or IPSec. We implement the principle of least required access for all administrative functions. Additionally, we maintain detailed logs of all administrative activities, which are regularly reviewed for any anomalies or unauthorized access attempts.

Do the forms in refered to in question P6.3 clearly describe the purposes for which personal information is being collected? (If so please provide verbiage from application form.)

Not applicable.

Original

Not applicable.

Does the lab owner ensure that, in the event of a transfer or departure, user access is de-provisioned on a timely basis?

Yes. We have robust procedures in place to ensure timely de-provisioning of user access upon transfer or departure. Our policy mandates that user accounts be de-provisioned within one business day of termination, with emergency terminations performed immediately. This process includes revoking all credentials and access privileges, ensuring comprehensive security.

Is there a recognizable perimeter or a secure perimeter between the Reception Zone and the Operations Zone?

Not Applicable.

Is the facility located in an area unlikely to experience serious man-made accidents, riots, and related problems? (e.g. tornado, earthquake, railway, airport)

Not applicable.

Is the Data Centre set up in a Rack and stack formation?

Not applicable.

Is there any cyber security awareness training is conducted in your organization?

Yes. We conduct comprehensive cybersecurity awareness training for our employees. This training covers various aspects of information security, including safeguarding sensitive information, recognizing and reporting security threats, and understanding legal responsibilities. Our approach ensures that all employees are well-equipped to maintain a strong security posture.

Does the Company Information Security Management Program contain data retention and destruction policies?

Yes. Our Information Security Management Program includes comprehensive data retention and destruction policies. These policies outline specific procedures for securely storing data during its lifecycle and properly disposing of information when it is no longer needed. This ensures we maintain data integrity, comply with regulatory requirements, and protect sensitive information from unauthorized access or exposure.

Does your organization's Service Level Agreement (SLA) provide for at least 99.995% availability in all facilities?

No. Our organization's Service Level Agreement (SLA) does not specifically provide for 99.995% availability in all facilities. However, we have robust business continuity and disaster recovery strategies in place. We rely on AWS availability commitments and SLAs for production uptime, and have measures to ensure critical services can be quickly restored in case of disruptions.

How does your organization support the integration of monitoring, auditing, and alerting systems with existing customer monitoring infrastructure?

Not applicable.

faq question

faq answer

Question

Answer

test

retest

How often did your organization conducts the soc audits

Annually

Do you have a risk assessment plan and policy

Yes

qes

ans

jnlm

jlk mnnnnnnnnnnnnnn

Trust Center Updates

Akitra has attained the ISO 9001-2015 Published at

TEST

Add a update to check screen loading Published at

description

Trackier Achieves SOC 2 Type II Certification Published at

In February 2025, Trackier successfully completed its SOC 2 Type II audit, reinforcing our commitment to data security, availability, and privacy. This certification ensures that our platform meets the highest industry standards for secure data management and risk mitigation. By undergoing rigorous third-party evaluation, we continue to provide our customers with a trusted and compliant environment for their business operations.

Enhanced API Security with Multi-Factor Authentication (MFA) Published at

As part of our continuous security improvements, Trackier has implemented Multi-Factor Authentication (MFA) for API access. This enhancement ensures an additional layer of protection by requiring users to verify their identity through multiple authentication steps before accessing sensitive data. With stronger encryption protocols and real-time monitoring, our API security updates further strengthen our platform’s resilience against unauthorized access and cyber threats.

Strengthening Security, Compliance, and Transparency Published at

As part of our ongoing commitment to security and compliance, we have introduced several key updates:

Enhanced Access Control Measures: Multi-Factor Authentication (MFA) is now required for all administrative and privileged accounts, with stricter session timeouts and improved identity verification protocols.
Upgraded Encryption Standards: We have implemented AES-256 encryption for all stored data and upgraded to TLS 1.3 for secure data transmission, ensuring stronger protection against cyber threats.
Regular Security Audits & Compliance Updates: Our latest ISO 27001 and SOC 2 audits have been successfully completed, reinforcing our adherence to best security practices. Additionally, we have updated our policies to comply with the latest GDPR and CCPA regulations.
Improved Incident Response & Monitoring: Our security team has enhanced real-time threat detection capabilities, implementing automated monitoring and logging for all system activities to detect and respond to potential threats faster.
Data Protection & Privacy Enhancements: Users now have greater control over their personal data with improved access request procedures and transparency in how data is stored, processed, and shared.
To view more contact us

Enhanced Security Measures and Compliance Updates Published at

We have strengthened our security framework by implementing stricter access controls, enhancing encryption standards, and conducting a comprehensive security audit. Multi-factor authentication (MFA) is now mandatory for all users accessing sensitive data. Additionally, we have updated our Data Encryption Policy to ensure AES-256 encryption for data at rest and TLS 1.3 for data in transit. Our Access Control Policy has been revised to include more frequent access reviews and improved role-based access management (RBAC). These updates align with industry standards such as ISO 27001 and SOC 2 compliance, reinforcing our commitment to data security and user trust.


	CPRA
	Gxpe
	SOC 2 Type II
	TCPA 2025
	Information Security

CPRA

Gxpe

SOC 2 Type II

TCPA 2025

Information Security


	Information Security Policy
	Incident Response Policy
	Access Control Policy

Information Security Policy

Incident Response Policy

Access Control Policy

Policies

Risk Profile

Legal

Data Privacy

FAQ

Request Access

Result Preview

Verification Code

Verification Code

Trust Center Update

Data Subject Access Request

Your Privacy Rights

Trust Center Update

Stay Updated

Name *

Email Address *

Welcome Back

Forgot Password

Change Password

Request Access

Contact Us Please select a reason for contacting us then submit your message.

Name *

Email Address *

Reason For Contact *

Message *

File Upload:

Enter Captcha *

Share the Trust Center

Contact Us
Please select a reason for contacting us then submit your message.