Many a times Custom and Out-of-Box Applications and Features of Remedy are subjected to Data Security penetration tests and concerns are raised about Data Security. This paper tries to suggest resolutions to some of the critical Data Security concerns. The Core Out-of-Box ITSM Application is generally secure with respect to Data by extensive use of Assignee Groups Field to enforce multitenancy. Custom Applications and Peripherals features like "Approval Inbox" however have potential leakages from where sensitive information could be retrieved out without Authorization. The paper is essentially meant for Development Team to provide immediate resolutions to Security concerns on Remedy based Application, if the local environment/policies/guidelines allow.