Data Security and confidentiality
When companies across the globe outsource their business services they are sharing a great deal of confidential company information and data with the outsourcing companies. The onus here is on the outsourcing company to protect the confidentiality and security of such information. Given the sensitive nature of such data, particularly in the case of payroll and accounting outsourcing services, outsourcing companies should be conscious of these concerns and address them.
At Initor we are extremely sensitive to the security and confidentiality of client data. Our comprehensive and well integrated security programs are business centric and take into account all the operational risks related to outsourcing.
Initor is also ISO 27001-2013 certified for it’s the most standard Quality Measures for Information Security for the most sensitive information of its clients and other IT controls. Initor maintains a very high protocol for maintaining the confidentiality of its client’s information and the most sensitive data.
Our data security policies address both the physical as well as the IT related aspects of data security and we have tested measures in place to deal with them.
- Closed circuit cameras to monitor and secure work place;
- Access control system at the entrance to allow controlled entry into the production areas;
- Access to the server room is restricted to the IT team which is authenticated by access card;
- Workstations do not have CD R/W drives and the USB ports are disabled;
- Document storage area is well protected.
- Anti-Virus Software
- Check for updates at least daily
- Quick scan daily
- Boot Scan on weekly basis
- Full scan on monthly basis
- Antimalware Software
- Quick scan twice a day
- Host-based firewall software
- Default Windows firewall software
- Password Protection
- All users have their own passwords which changes every 42 days
- Restricted Access
- Only the authorized users would have access for the restrictive information of the clients that they would be working for.
- Account Management
- Deactivate accounts after separation of affiliation
- Review account access requirements for changes regularly
- Session Controls
- Configure server to LOCK and require re-authentications after no more than 5 minutes of unattended time
- Configure all computers to LOCK and require re-authentication after no more than 10 minutes of unattended time
- Previous version backup twice a day
- Differential backup weekly
- Full backup monthly
- Use of personal email accounts not allowed; restricted and controlled access to Internet sites
- Moving towards a paperless environment
- IP authentication to restrict outsider access to confidential information within office.
- All employees are bound by stringent non-disclosure and non-compete agreements.
- We recognize that all the data and information provided by the client is confidential and strictly the property of the client.
- No one at Initor will ever disclose any client information to any third party without the prior consent of the client.
- All raw and processed data whether in electronic format or in printouts will be destroyed once the work is over.