Security & Compliance
Xponentia Capital Partners LLP is committed to maintaining the highest standards of security, accessibility, and regulatory compliance. This page outlines our security measures, accessibility compliance, and remediation efforts based on security audits and regulatory requirements.
Digital Accessibility Compliance (RPwD Act 2016)
As a regulated entity, Xponentia is committed to ensuring our digital platforms are accessible to all users, including persons with disabilities, in compliance with the Rights of Persons with Disabilities (RPwD) Act, 2016 and SEBI Circular dated 31st July 2025.
Compliance Standards
Our website adheres to the following accessibility standards:
- WCAG 2.1 Level AA: Web Content Accessibility Guidelines 2.1 or latest version
- GIGW: Guidelines for Indian Government Websites (latest version)
- IS 17802: Indian Standards on Accessibility Requirements for ICT Products and Services
- RPwD Act 2016: Provisions of the Rights of Persons with Disabilities Act, 2016
Accessibility Features Implemented
Semantic HTML & Structure
- Semantic HTML5 elements (header, nav, main, section, article, footer)
- Proper heading hierarchy (h1 → h2 → h3, no skipping levels)
- Logical reading order and document structure
Navigation & Keyboard Access
- Skip to main content link for keyboard and screen reader users
- Full keyboard navigation support
- Visible focus indicators (2px solid outline)
- ARIA labels and roles for interactive elements
- Mobile menu with proper accessibility attributes
Visual & Content Accessibility
- Descriptive alt text for all images
- Color contrast ratio ≥ 4.5:1 (WCAG 2.1 AA compliant)
- No reliance on color alone for information
- Responsive design for various screen sizes
- Support for screen readers
Technical Accessibility
- Proper lang attribute on HTML element
- Form labels and error messages
- Reduced motion support (prefers-reduced-motion media query)
- Semantic markup for assistive technologies
Grievance Redressal Mechanism
Xponentia has established an accessible grievance redressal mechanism for persons with disabilities. If you encounter any accessibility issues, please contact us:
- Email: compliance@xponentia.in
- Email: shilpa@xponentia.in
Security Assessment & Remediation
Xponentia regularly conducts security assessments to identify and remediate vulnerabilities. The following section outlines findings from our latest VAPT (Vulnerability Assessment and Penetration Testing) and the remediation measures implemented.
VAPT Findings & Remediation Status
TDL-001: Clickjacking Protection
Severity: Low | Status: Remediated
Issue: No anti-framing headers were sent, so a malicious site could embed our pages in an invisible iframe and trick users into clicking on them (clickjacking).
Remediation: Implemented the X-Frame-Options header with the "DENY" directive and the Content Security Policy (CSP) frame-ancestors directive, which takes precedence over X-Frame-Options in browsers that support it, to prevent unauthorized embedding.
Implementation: Security headers are configured at the web server level to prevent iframe embedding from external domains.
TDL-002: Security Headers
Severity: Low | Status: Remediated
Issue: Missing essential HTTP security headers that protect against XSS, clickjacking, and MIME-type sniffing.
Remediation: Implemented comprehensive security headers:
- Content-Security-Policy (CSP): Restricts the origins from which scripts, styles and other resources may be loaded, mitigating XSS and data injection attacks
- X-Frame-Options: DENY - Prevents clickjacking
- X-Content-Type-Options: nosniff - Stops MIME-type sniffing
- Referrer-Policy: no-referrer-when-downgrade - Controls the referrer information sent with requests (this value is the browser default; it withholds the referrer only when navigating from HTTPS to HTTP)
- Strict-Transport-Security (HSTS): Enforces HTTPS connections
- Permissions-Policy: Restricts use of powerful browser features
TDL-003: Vulnerable & Outdated Components
Severity: Low | Status: Remediated
Issue: Use of outdated third-party JavaScript libraries (jQuery) with known vulnerabilities.
Remediation: Removed the dependency on third-party JavaScript libraries. The website now uses only vanilla JavaScript (ES6+) with no external dependencies, removing the exposure to known vulnerabilities in outdated components.
Implementation: All functionality has been reimplemented in vanilla JavaScript with no external library dependencies.
TDL-004: Server Name and Version Disclosure
Severity: Low | Status: Remediated
Issue: The Server header and error pages exposed the web server software name and version, which helps attackers fingerprint the stack and look up version-specific vulnerabilities.
Remediation: Configured the web server to suppress software details in HTTP response headers and error pages. Server name and version information is no longer disclosed in responses.
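The header set described in TDL-001, TDL-002 and TDL-004 can be verified offline against a captured HTTP response. The checker below is an added example written for this page; it is not Xponentia's code or part of the VAPT tooling. The two sample responses are constructed, not captured from any real host, and the one-year HSTS max-age threshold and the treatment of no-referrer-when-downgrade as an informational finding are this example's own choices rather than audit findings.

```python
"""Offline checker for the response headers discussed in TDL-001, TDL-002 and TDL-004.

Added example, not Xponentia's code. Thresholds (one-year HSTS max-age, flagging
the default Referrer-Policy as informational) are this example's own assumptions.
"""
import re
from typing import Dict, List, Tuple

Finding = Tuple[str, str, str]  # (finding id, severity, message)

VERSION_RE = re.compile(r"\d+\.\d+")             # matches "nginx/1.18.0", "PHP/7.4.3"
MAX_AGE_RE = re.compile(r"max-age\s*=\s*(\d+)", re.I)
ONE_YEAR = 31536000                               # assumed minimum HSTS max-age, in seconds


def _norm(headers: Dict[str, str]) -> Dict[str, str]:
    """Header names are case-insensitive (RFC 9110); compare on a lower-cased copy."""
    return {k.strip().lower(): v.strip() for k, v in headers.items()}


def check_headers(headers: Dict[str, str]) -> List[Finding]:
    h = _norm(headers)
    out: List[Finding] = []

    # TDL-001: anti-framing. frame-ancestors overrides X-Frame-Options where supported.
    csp = h.get("content-security-policy", "")
    xfo = h.get("x-frame-options", "").upper()
    if "frame-ancestors" not in csp.lower() and xfo not in ("DENY", "SAMEORIGIN"):
        out.append(("TDL-001", "low", "no anti-framing protection (CSP frame-ancestors or X-Frame-Options)"))
    elif xfo.startswith("ALLOW-FROM"):
        out.append(("TDL-001", "info", "X-Frame-Options ALLOW-FROM is obsolete and ignored by modern browsers"))

    # TDL-002: the remaining headers from the remediation list
    if not csp:
        out.append(("TDL-002", "low", "Content-Security-Policy missing"))
    if h.get("x-content-type-options", "").lower() != "nosniff":
        out.append(("TDL-002", "low", "X-Content-Type-Options: nosniff missing"))
    rp = h.get("referrer-policy", "").lower()
    if not rp:
        out.append(("TDL-002", "low", "Referrer-Policy missing"))
    elif rp == "no-referrer-when-downgrade":
        out.append(("TDL-002", "info", "Referrer-Policy is the browser default; strict-origin-when-cross-origin sends less"))
    m = MAX_AGE_RE.search(h.get("strict-transport-security", ""))
    if not m:
        out.append(("TDL-002", "low", "Strict-Transport-Security missing or without max-age"))
    elif int(m.group(1)) < ONE_YEAR:
        out.append(("TDL-002", "info", f"HSTS max-age {m.group(1)} is below one year"))
    if "permissions-policy" not in h:
        out.append(("TDL-002", "low", "Permissions-Policy missing"))

    # TDL-004: software name and version disclosure
    for name in ("server", "x-powered-by", "x-aspnet-version"):
        val = h.get(name)
        if val and VERSION_RE.search(val):
            out.append(("TDL-004", "low", f"{name} header discloses a version: {val}"))
    return out


# Constructed sample responses (not captured from any real host).
BEFORE = {
    "Server": "nginx/1.18.0",
    "X-Powered-By": "PHP/7.4.3",
    "Content-Type": "text/html; charset=utf-8",
}
AFTER = {
    "Server": "nginx",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "no-referrer-when-downgrade",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Permissions-Policy": "camera=(), microphone=(), geolocation=()",
}

if __name__ == "__main__":
    for label, hdrs in (("before", BEFORE), ("after", AFTER)):
        print(f"== {label} ==")
        for fid, sev, msg in check_headers(hdrs):
            print(f"{fid} [{sev}] {msg}")
```

Run against a live response by passing `dict(resp.headers)` from any HTTP client; the checker only inspects the header map, so it works equally on a saved capture. The "before" sample yields eight low findings (one per missing header plus two version disclosures); the remediated "after" sample yields only the informational note about the default Referrer-Policy.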
Ongoing Security Measures
Regular Security Audits
Xponentia conducts regular security assessments including:
- Annual VAPT (Vulnerability Assessment and Penetration Testing)
- Quarterly security reviews
- Continuous monitoring of security advisories
- Dependency scanning for vulnerabilities
Accessibility Audits
In compliance with SEBI Circular requirements:
- Accessibility audits conducted by IAAP-certified professionals
- Usability testing involving persons with disabilities
- Annual accessibility compliance reporting
- Regular updates to maintain WCAG 2.1 AA compliance
Training & Awareness
Xponentia ensures that:
- All staff and third-party service providers receive training on digital accessibility
- Content developers are aware of WCAG 2.1 requirements
- Security best practices are followed in all digital initiatives
Compliance Status Summary
| Compliance Area | Standard | Status |
|---|---|---|
| Web Accessibility | WCAG 2.1 Level AA | ✅ Compliant |
| Digital Accessibility | RPwD Act 2016 | ✅ Compliant |
| Security Headers | OWASP Best Practices | ✅ Implemented |
| VAPT Findings | All Low Severity Issues | ✅ Remediated |
| Component Security | No Outdated Dependencies | ✅ Compliant |
Reporting Security or Accessibility Issues
If you discover a security vulnerability or encounter an accessibility issue on our website, please report it to us immediately:
- Security Issues: compliance@xponentia.in
- Accessibility Issues: compliance@xponentia.in
We take all reports seriously and will investigate and remediate issues in a timely manner.
Last Updated
This page was last updated on: January 29, 2026
Xponentia is committed to maintaining and improving our security and accessibility posture. We regularly review and update our practices to ensure continued compliance with regulatory requirements and industry best practices.