Effective Date: 01/11/2025
This Cybersecurity Compliance Annex (“Annex”) forms part of and supplements the Master Services Agreement (MSA) or Service Agreement between:
Moondria Technologies
1st Floor, Citi Mall, Andheri West
Mumbai – India
AND
Client Name: ___________________________
This Annex outlines cybersecurity obligations, standards, and controls applicable to services provided by Moondria Technologies.
1. 📌 Purpose
The purpose of this Annex is to:
- Define cybersecurity responsibilities
- Establish minimum security standards
- Protect the confidentiality, integrity, and availability of systems
- Reduce operational and cyber risk
2. 🔐 Information Security Controls
Moondria Technologies implements reasonable administrative, technical, and physical safeguards including:
🔹 Access Control
- Role-based access control (RBAC)
- Least privilege access principles
- Secure authentication mechanisms
- Multi-factor authentication (where applicable)
🔹 Data Protection
- Encryption in transit (HTTPS / TLS)
- Secure storage practices
- Access logging and monitoring
- Backup and disaster recovery mechanisms
🔹 Secure Development Practices
- Secure coding standards
- Input validation and sanitization
- Protection against SQL injection & XSS
- Code review and vulnerability assessment
3. 🛡 Network & Infrastructure Security
- Secure hosting environments
- Firewall configuration
- Server hardening
- Patch management procedures
- Continuous monitoring (where applicable)
4. 📊 Incident Response
In the event of a cybersecurity incident:
- Immediate containment and investigation
- Notification to Client within a reasonable timeframe
- Root cause analysis
- Remediation measures
- Preventive improvements
Moondria will cooperate in good faith to mitigate impact.
5. 📁 Data Handling & Retention
- Data will only be accessed as necessary for service delivery.
- Confidential data shall not be disclosed to unauthorized parties.
- Data retention policies will comply with contractual and legal requirements.
- Data deletion will be performed upon project termination if requested.
6. 🌍 Regulatory Compliance
Moondria Technologies aims to align with applicable standards such as:
- Indian IT Act requirements
- GDPR principles (where applicable)
- Industry best practices (ISO-inspired frameworks)
Client remains responsible for compliance specific to its industry and jurisdiction.
7. 🔄 Third-Party Services
Where third-party platforms are used (e.g., hosting, payment gateways):
- Security responsibility is shared according to provider policies
- Moondria will configure services securely within reasonable scope
- Moondria is not liable for third-party breaches beyond its control
8. 🧠 Security Awareness
Moondria promotes:
- Internal security awareness
- Secure password policies
- Controlled access to production systems
- Ongoing evaluation of security tools
9. ⚖ Limitation of Cyber Liability
Moondria shall not be liable for:
- Cyber incidents caused by Client negligence
- Breaches due to unauthorized third-party modifications
- Infrastructure outside Moondria’s control
Liability remains limited as defined in the governing Agreement.
10. 📞 Security Contact
For cybersecurity-related matters:
Email: contact@moondria.com
Security notifications should include:
- Incident details
- Affected systems
- Time of detection
- Contact information
🌙 Security Commitment Statement
Moondria Technologies integrates cybersecurity into every layer of design, development, and deployment — building digital systems that are secure, resilient, and future-ready.