Compliance & ISO 27001:2022
Verified corporate identifiers, certification details, and the information-security framework operated by LegelpTech Outsourcing Pvt Ltd.
ISO/IEC 27001:2022 Certificate
Certificate SCC/2509LU/2933
Issued to LEGELPTECH OUTSOURCING PRIVATE LIMITED by QFS Management Systems LLP, accredited by Standards Council of Canada (SCC).
Standard
ISO/IEC 27001:2022
- Certificate number
- SCC/2509LU/2933
- Standard
- ISO/IEC 27001:2022
- Certificate holder
- LEGELPTECH OUTSOURCING PRIVATE LIMITED
- Issuing body
- QFS Management Systems LLP, Noida, Uttar Pradesh, India
- Accreditation
- Standards Council of Canada (SCC) · IAF MLA signatory
- Initial issue date
- September 3, 2025
- Valid through
- September 2, 2028
- Scope
- Information security applied to staff augmentation services, recruitment, onboarding, deployment and management of technical and non-technical personnel for client projects.
For independent verification or a signed copy of the certificate, email contact@legelp.com. The certificate can also be verified directly with QFS Management Systems LLP.
Corporate Identifiers
Verifiable on Indian government registers
The following identifiers are independently verifiable via the Ministry of Corporate Affairs (MCA), the Goods and Services Tax portal, and the Income Tax Department.
CIN (Corporate Identification Number)
U82990DL2025PTC446352
Verifiable via MCA
PAN (Permanent Account Number)
AAGCL2485F
Verifiable via Income Tax
TAN (Tax Deduction Account Number)
DELL13374E
Verifiable via Income Tax
GSTIN
07AAGCL2485F1ZG
Verifiable via GST Portal
NIC Code
82990 (Other professional, scientific & technical activities)
Verifiable via MCA
Jurisdiction
RoC Delhi · CRC Manesar
Verifiable via MCA
Security Framework
ISO 27001:2022 aligned controls
We operate an Information Security Management System (ISMS) aligned to the ISO/IEC 27001:2022 standard, applied across all client engagements regardless of which brand they originate under.
NDA & Confidentiality
Mutual NDAs and confidentiality agreements signed before any engagement. Internal NDAs and IP-assignment agreements signed by every team member with project access.
Access Control
Principle of least privilege, role-based access control (RBAC), multi-factor authentication for production and client systems, periodic access reviews.
Secure Onboarding
Background verification, security training, signed acceptable-use policies, and device hardening before access to client environments is granted.
Data Protection
Encryption at rest and in transit, segregated client environments, secure code repositories, log monitoring, and structured backup and recovery procedures.
Client IP Protection
Work product, source code, and deliverables created during engagements are assigned to the client under the MSA. IP-assignment clauses are mirrored in every team-member contract.
Incident Response
Documented incident response procedures aligned to ISO 27001 Annex A controls. Defined notification timelines for incidents that may affect client data.
Data Handling
GDPR-aware processing
Data Processing Agreement
We act as a data processor on behalf of our clients (the data controller). A Data Processing Agreement (DPA) aligned to GDPR Article 28 is available on request.
Data residency
Client data is processed from delivery centers in India under contractually agreed locations. Cross-border data transfers are governed by Standard Contractual Clauses (SCCs) where applicable.
Data subject requests
Requests for access, rectification, erasure, or portability of personal data are routed to the data controller (client). LegelpTech assists in fulfilling such requests under the DPA.
Retention & deletion
Retention periods are governed by the client's data retention schedule. On engagement termination, data is returned or securely deleted per the MSA / DPA terms.
US Presence
Legelp Services LLC (Wyoming)
Legelp Services LLC is the administrative US presence of LegelpTech Outsourcing Private Limited.
1021 E Lincolnway Suite #6596, Cheyenne, WY 82001, United States
Legelp Services LLC is not a contracting party. All client contracts, statements of work, and invoices globally are issued by LegelpTech Outsourcing Private Limited unless otherwise agreed in writing.
Vendor Due Diligence
Documents available on request
Available to qualified prospective clients under NDA:
- Certificate of Incorporation (LegelpTech Outsourcing Pvt Ltd)
- ISO/IEC 27001:2022 certificate (downloadable above)
- Information Security Policy summary
- Business Continuity & Disaster Recovery plan summary
- Standard MSA, NDA, and DPA templates
- Security questionnaire responses (CAIQ, SIG, or custom)
- Insurance certificates (professional indemnity, cyber liability)
- GMSH operations partner overview