Eneruni provides consulting, IT solutions, products, and services to its customers. Security is key to all of Eneruni's offerings.

Eneruni’s Information Security Management System (ISMS) is certified on the globally recognized ISO 27001:2013 Information Security Management Systems - Requirements standard and addresses key security controls. Eneruni has been certified Enterprise-wide for ISO 27001:2013 security standards, including compliance assessment for:

• ISO 27017:2015 – Information Security Controls for Cloud Services
• ISO 27018:2019 – Protection of PII in Public Clouds as PII Processors
• ISO 22301:2012 – Business Continuity Standards

The Eneruni Information Security Management System applies uniformly to all operations, services, products, and platforms — including those hosted on Eneruni’s own cloud or through other cloud service providers. It defines a comprehensive set of controls across all locations from where Eneruni’s offerings are operated.

The TCS Eneruni Software is developed in compliance with the standards, procedures, and guidelines defined by the Information Security Management System.

Process Security

Eneruni Software adheres to the Secure Software Development Lifecycle (SSDLC) guidelines prescribed under the ISMS. A summary of the key security practices followed in the SSDLC includes:

• All software requirements are evaluated for the CIA triad — Confidentiality, Integrity, and Availability.
• Threat Models are created using the STRIDE approach.
• All third-party software components are continuously evaluated for open vulnerabilities.
• All code is continuously scanned using Static Application Security Testing (SAST).
• The software is regularly scanned using Dynamic Application Security Testing (DAST).
• Software is assessed for data privacy compliance requirements.
• All Eneruni members undergo regular Information Security training relevant to their roles.

Product Security

Security is integrated throughout the software lifecycle. Eneruni uses a Software Security Assurance (SSA) framework to ensure that:

• Security requirements are captured for all new applications.
• Software undergoes detailed security design analysis, including threat modeling.
• All software changes follow a formal change control procedure.

The TCS Eneruni Software implements security principles based on the CIA triad:

Confidentiality

• Authentication: Access to software and components is authenticated.
• Authorization: Access to software features is authorized using a Role-Based Access Control (RBAC) framework with proper role segregation.
• Network Access Control: Access is secured using perimeter network controls.

Integrity

• Data Security: Data is protected both at rest and in motion.
• Auditability: All key activities are auditable and logged.

Availability

• High Availability: Built-in failover and redundancy ensure continuous operation.
• Backup & Recovery: Backup and restoration procedures are defined.
• Disaster Recovery: Documented processes ensure business continuity in case of failures.

Hosting & Infrastructure

The Eneruni SaaS architecture uses a multi-tenant data model where data for each tenant is stored separately and securely. User data is fully protected against unauthorized access.

Eneruni software is offered in a Software-as-a-Service (SaaS) model and is hosted on Amazon Web Services (AWS) with data centers in India, the US, and the UK.

For more details on AWS’s security, privacy, and availability practices, visit:

• AWS Security
• AWS Compliance
• AWS Service Level Agreements
• AWS Data Privacy

Data Handling

• The Eneruni Software and website do not capture or store personal details of customers such as contact numbers, addresses, or bank account information.
• The Eneruni Software and website do not capture or store credit card details of customers.