The burgeoning outsourcing business in India is not restricted to call centers anymore with data processing units coming up in large numbers but the absence of proper data security and cyber laws is hampering their business prospects, say experts. Thus the need to make security policies arouse so we arranged for the following policies for us.
The salient features of the security policy are:
Strict Non-Disclosure and Non-Compete Agreements bind all employees.
The entry of employee will be restricted to their working area along with time restrictions.
Entry of unauthorized person in building premises is strictly prohibited.
Adequate security personnel are present in building to guard the property.
The document storage area is well protected.
No unauthorized access is allowed in the systems area unless absolutely essential.
Nothing will be taken out of the premises without written permission.
Each personnel has his own password and access to a given computer/workstation is also restricted.
Nothing can be taken inside the premises without written permission.
Responsibilities are strictly defined and so there are no overlapping areas for work.
The salient features of the confidentiality policy are:
We agree that neither it nor its staff will reproduce in any way or divulge any tangible or intangible property whatsoever which could reasonably be construed as constituting confidential information of the Client.
We agree that neither it nor the staff working on the project will disclose any information about the project to any third party without the prior consent of an executive officer of the Client.
All raw data, directories, print outs, processed data and finalized product will solely be the property of the client.
All data and information provided by client will be confidential and strictly the property of the client.
Once the usage of data has been complete, we will destroy all raw and processed data.
We have well defined and documented security policies, processes and guidelines in place for reasonable protection of information in all the stages of the information life cycle and also for the offshore development centers. Senior management commitment for security, Well documented processes, technological controls along with the continuous user awareness initiatives, constitute some of the critical factors for our security program.
Some of the domain areas which are reflected in our security policies are risk management, access control, legal compliance, offshore development center security, virus prevention, asset management, business continuity management, and security incident management and user awareness etc to name a critical few. Most of these are considered critical for enabling a safe computing environment with us.
Risk based approach is undertaken for designing and implementing controls on availability and security parameters for IT services and offshore business operations. Some of the salient features in this area include:
Assessment of IT and business level risks on a periodic basis in various levels in the organization
Coverage of risks covering people, process and technology components
Risk management plans for various types of project lifecycle models
Security advisories and awareness communication to user community and business unit teams based on risk levels, real life incidents and severity of threats
Internal and external audits based continuous improvement program.
Users are educated continuously on the various threat factors and ways and means to address the issues for safeguarding intellectual property of ours and its customers. Industry standard access & authorization mechanisms for accessing critical applications are deployed to protect data in addition to advanced controls such as encryption. We have established secure mode of wide area connectivity with our customers to fulfill business requirements and customers’ data is handled with utmost care including suitable backup mechanisms and fail safe storage. Various regulatory compliance aspects of our customers are given importance while designing specific customer based offshore development center solutions. Customer project team’s back-up data on a periodic basis within their environment as per specific customer requirements and follow the plan as signed off in the business agreements with the customers.
Some of the physical security measures include imparting education on employee safety practices, constant patrolling of the premises, mandatory check of photo ID at entry, restrictions in visitor movements, and compulsory search of all incoming packages. All identified sensitive areas inside our premises are access controlled on a need to know and enter basis.