Identification of data

Data is assessed for its risk and criticality is measured

Classification of data

Documented approach exists for classification and sign off of the assessed data

Controls are identified and implemented to securely handle the data

Data security awareness

Periodic awareness sessions are conducted to employees to understand the need of data security, their roles and responsibilities and approach we follow for data security

Audits conducted by internal audit department and information security management

system team

Client Audits are also welcomed to ensure compliance as per their requirement

Physical Security

Agents are not allowed to carry pen and paper while working

Electronic Devices such as mobile phones, PDA etc are not be allowed on the

production floor

Random audits to ensure security policies are followed

Disciplinary action for the non compliance

Access Control

Limited, applicable application access required as per operations

Mandatory profiles to ensure any stored data will be automatically erased after

Temporary use

No local storage provided, all data are stored at central storage

Regular audits of central storage server

USB ports, floppy drives and CD drives are restricted

Email Security

Agents should be given organization email facility only when required

No mails can be sent outside the organization from the given mail facility

Internet Access Security

Restricted access to internet, sites will be allowed only if it is a process requirement

Continuous monitor of web traffic and disciplinary actions taken for violations

Awareness Programs

Regular awareness program are conducted on data protection and its legality.

Awareness of information security through class room sessions, intranet sessions,

posters, mailers etc

Monitoring

24 *7 monitoring of all security infrastructure

Dedicated team and infra to perform security monitoring