What security certifications does eFACiLiTY® hold?

eFACiLiTY® is certified for SOC 2 Type II and ISO/IEC 27001. These certifications validate strong controls for security, availability, confidentiality, processing integrity, and privacy, supported by regular audits and continuous improvement of the Information Security Management System.

How does eFACiLiTY® control user access within the application?

eFACiLiTY® uses role-based access control with granular privileges. Access can be restricted by site, module, screen, report, tab, or field. Multi-factor authentication is supported and enforced for administrators and high-risk roles to ensure least-privilege access.

How is customer data protected and encrypted in eFACiLiTY®?

Customer data in eFACiLiTY® is protected using encryption at rest with Azure SQL Transparent Data Encryption and encryption in transit using SSL/HTTPS. Sensitive personal data can also be encrypted at the database level to prevent unauthorized access.

Does eFACiLiTY® provide audit logs and security monitoring?

Yes, eFACiLiTY® offers comprehensive audit logging with table-level and field-level tracking. It records create, update, and delete actions, along with application access, API usage, notifications, scheduler activity, and error logs for compliance and investigations.

What happens to customer data after contract termination?

After contract termination, customer data can be provided as agreed. Data is retained only for defined operational or compliance periods and is securely deleted from eFACiLiTY® systems once contractual obligations and retention requirements are fulfilled.

Compliance & Data Security

At SIERRA ODC Private Limited, security and data protection are integral to how eFACiLiTY® is designed, deployed, and operated. Our security framework is built to support enterprise-grade facility management operations while safeguarding customer data across regions.

This page outlines the key security controls, certifications, and compliance measures implemented within eFACiLiTY®.

Security Certifications and Compliance

SIERRA maintains internationally recognised security certifications to demonstrate our commitment to data protection and operational security.

SOC 2 Type II Certified: Validates controls related to security, availability, confidentiality, processing integrity, and privacy over an extended audit period.
ISO/IEC 27001 (ISMS) Certified: Confirms the implementation of an Information Security Management System aligned with global best practices, supported by regular surveillance audits.

These certifications reflect our ongoing commitment to maintaining robust security governance and continuous improvement.

Access Control and Identity Management

eFACiLiTY® provides strong access control mechanisms to ensure users can access only what they are authorised to.

Role-Based Access Control (RBAC) with granular privileges
User access can be restricted by site, location, module, program, screen, and report
Support for tab-level and field-level access controls
Users can be associated with one or more User Groups
Multi-Factor Authentication (MFA) is supported and mandatory for administrator and high-risk user roles

These controls help enforce the principle of least privilege across the application.

Application Security Controls

eFACiLiTY® includes configurable security policies that allow organisations to define and enforce authentication standards.

Key capabilities include:

Configurable password strength policies
Controls for password length, complexity, expiry, reuse, and history
Account lockout after consecutive failed login attempts
Automatic user disabling after prolonged inactivity
Password expiry alerts to users

Login credentials are protected using SHA-256 hashing, and sensitive personal data can be stored in encrypted form using AES encryption at the database level.

Data Protection and Encryption

To protect customer data throughout its lifecycle, eFACiLiTY® implements multiple layers of encryption:

Encryption at rest using Transparent Data Encryption (TDE) in Azure SQL Database
Encryption in transit using SSL/HTTPS
Secure handling of authentication and personal data in accordance with defined security configurations

These measures help safeguard data against unauthorised access and interception.

Security Monitoring and Audit Logging

eFACiLiTY® includes comprehensive logging and monitoring capabilities to support security oversight and traceability.

Configurable Audit Trail Configurator with table-level and field-level tracking
Logging of create, update, and delete actions
Reports available by user, date, module, table, and field
Additional logs include:
- Application access logs
- API logs
- Mail/SMS/notification logs
- Application error logs
- Scheduler logs

These capabilities help administrators monitor activity, investigate issues, and meet compliance requirements.

Application Security Testing

Security testing is conducted as part of a defined testing cycle to identify and address potential vulnerabilities.

Periodic vulnerability assessments and penetration testing
Use of industry-standard tools such as:
- Burp Suite
- OWASP ZAP
- SQLMap

Identified issues are reviewed and remediated in line with our security processes.

Third-Party Security Assessments

Third-party security assessments can be conducted upon customer request. Any vulnerabilities identified through such assessments are evaluated and addressed as part of our remediation process.

Data Retention and Deletion

Customer data is retained only for operational, contractual, and compliance purposes.

System backups are maintained for a defined retention period
Upon contract termination, customer data can be provided as agreed
Data is securely deleted from our systems following completion of contractual obligations

Contact

For questions related to security, compliance, or data protection practices, please contact:

Email: info@efacility.in
Last Updated: 31-December-2025

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Compliance & Data Security

Security Certifications and Compliance

Access Control and Identity Management

Application Security Controls

Data Protection and Encryption

Security Monitoring and Audit Logging

Application Security Testing

Third-Party Security Assessments

Data Retention and Deletion

Contact

Recent News & Events

Quick Links

Subscribe to our free technology newsletter…

Recent Posts

Recent News & Events

Contact Us