At Brickwork, data security is an ongoing practice and security practices are imbibed in our culture. We have implemented stringent data security measures to protect and secure the network, data and resources while delivering high-quality services to our customers. We treat "Customer data" with utmost care, keeping in mind the privacy, security, and confidentiality concerns. Below are privacy, security and confidentiality measures employed at Brickwork to safeguard your data.


  • Brickwork has been accredited by DNV-UKAS for ISO 27001:2013. This accreditation validates that our data privacy policies and practices are in full compliance with international standards
  • Brickwork is also compliant with the GDPR guidelines

IT Security Controls

  • Industry class web application firewall and other Gateway security configurations to block malicious traffic and unauthorized network access
  • Secured VPN-based network connectivity
  • DDOS mitigation in place
  • IDS & IPS measures in place
  • OS hardening for all end user devices
  • Strong encryption on mobile devices
  • Port based inbound/out bound controls on firewall
  • Corporate end point Antivirus/Antispam protection
  • Restricted printing permission
  • No personal devices allowed to carry out business operations
  • Patch management in place for critical IT assets
  • All traffic to and from the website is protected using SSL encryption

Incident monitoring capabilities

  • Brickwork’s IT Team is available around the clock to address any security incidents
  • All personnel with access to internal systems are fully trained and committed to protecting customer data
  • Incident management team with clearly defined responsibilities
  • Well defined procedure for incident report, monitor, mitigate and learn from incidents/weakness related to data security, physical security, and people safety

Data Security Awareness

  • Brickwork ensures that all personnel with access to internal systems are well trained, knowledgeable and committed to protecting customer data
  • Brickwork has created a strong “security-first” culture amongst all personnel.
  • Information security trainings are mandatory for all personnel. The training includes refresher on the NDA and confidentiality agreements, customer contractual requirements, ISO and GDPR
  • Information security related activities and quizzes are conducted at regular intervals on acceptable usage of information systems, email usage, internet usage, password protection, common phishing and data security attacks, incident reporting including BCP scenario simulation
  • Security guidelines for using social media, including information about social engineering
  • Periodic audits are conducted to identify gaps and to ensure compliance

Physical Security Controls

Brickwork’s physical infrastructure protects its onsite servers and network from unauthorised access.

  • 24/7/365 manned security
  • CCTV monitoring
  • Electronic biometric card reader access control system with two factor authentications to enter the office
  • Data centre is isolated with strict physical access control and monitoring mechanism

Access Controls

  • Network access control mechanisms is restricted to Brickwork IT team to prevent network traffic using unauthorized protocols
  • Need based access granted to all information systems through unique login credentials
  • All system passwords are required to change every 30 days
  • Intrusion detection and prevention
  • Biannual network vulnerability testing by industry-recognized third-party penetration testing service providers

People Compliance

  • Mandatory background checks for all personnel in accordance with the applicable laws
  • Mandatory execution of Confidentiality and Non- Disclosure Agreement, Acceptable usage form and consent form outlining their responsibility in protecting customer data
  • Code of Business conduct ensures that all personnel conduct themselves in a consistent manner with Brickwork guidelines, non-disclosure requirements, and ethical standards

Business Continuity Plan

  • Formal documented and tested business continuity plan (BCP)
  • Backup strategies designed to ensure redundancy during a significant processing failure
  • Dual power back up for data centre and critical IT assets
  • Dual ISP in place as part of redundancy
  • Firewalls and Servers are in HA cluster environment
  • Emails are stored in cloud server. Project data are backed up daily.