We have actively
sought and achieved
ISO 27001:2005
certifications for
information security
management systems
for client delivery
centers. Maintenance
of the certification
requires annual
audits and in
addition, we have
cleared periodic
information security
audits conducted by
our clients. A key aspect of Information Security is to
preserve the Confidentiality, Integrity and Availability of an organization's
information, allowing it to successfully engage in commercial activities. With
information being a key business asset, IS assumes an important role in
maintaining client trust.
Confidentiality: Assurance that information is shared only between
authorized persons or organizations. Breaches can occur when data is not
handled in a manner adequate to safeguard the confidentiality of the
information. Such disclosure can take place by word of mouth, printing,
copying, e-mailing, or creating documents and other data etc. Appropriate
information classification should determine confidentiality levels and hence
the appropriate safeguard measures are required to be in place.
Integrity: Assurance that the information is authentic and complete.
Ensuring that information can be relied upon for its purpose.
Availability: Assurance that the systems responsible for delivering,
storing, and processing information are accessible when needed, by those who
need them.
ISO27001 certification ensures that eClerx meets international standards of
information security with regards to:
Security policy - provides management direction and
support for information security within eClerx
Organization of assets and resources - classifying
assets and resources and implementing appropriate risk mitigating procedures
Asset classification and control - classifying assets
and appropriately protecting their access control
Personnel security - reduce risks of human error,
theft, fraud or misuse of facilities
Physical and environmental security - prevent
unauthorized access, damage and interference to business premises, processes
and information
Communications and operations management - ensure
accurate and secure operation of information processing premises and facilities
Access control - controlled access to information
assets
Systems development and maintenance - ensures that
security is built into information systems and applications
Incident Response - proactively manage information
security incidents
Business continuity management - counteract
interruptions to business activities and to protect critical business processes
from the effects of major failures or disasters.
We maintain
alternative
resources to
reduce the risk
of failure of
internet links
or internal
networks. We
have systems
enabling
automatic
switching to
such alternate
internet service
providers and
replacement
warranties for
our server. We
have a disaster
recovery site 15
km away from our
primary site of
operations where
we store tape
backup servers
in fireproof
safes. We also
conduct fire
drills at our
facilities on a
regular basis
and designated
crisis wardens
have been
trained for
emergencies.
Compliance - avoid breaches of any criminal and civil
law, statutory, regulatory or contractual obligations, and any security
requirement
