


Information Security

When it comes to offshore outsourcing, corporate data and systems security is of crucial importance and service providers need to ensure the confidentiality and integrity of vital customer information. HeroITES is committed to respecting, protecting and safeguarding privacy and confidentiality of data and information entrusted to the BPO firm by its valued clients. We have developed a stringent Information Security Policy to ensure compliance with governing laws and implemented a rigorous set of standard operating procedures designed to provide our clients with the requisite privacy and security necessary to achieve their trust and confidence.

Key Differentiators

HeroITES places high emphasis on information security and follows multi-level safety and security measures to ensure smooth operations flow, foolproof data security and complete maintenance of critical infrastructure equipment. We are a BS 7799-2:2002 certified company and rigorous & regular security audits remain an integral part of our customer commitment. This, in turn, enables us to ensure that our policies and procedures comply with world-class information security management systems. The BPO company is also CISA compliant and the certification programme promulgates generally accepted standards and guidelines to ensure that the organization’s information technology and business systems are adequately controlled, monitored and assessed.

HeroITES has passed several security audits by third-party auditors, including those conducted by some of the world's largest financial institutions who are a part of the Fortune 500 list. We also sign non-disclosure agreements with all our global clients and never fail to enforce our rigorous confidentiality standards. All HeroITES employees are required to sign non-disclosure agreements as well, and training sessions are regularly held to emphasize the necessity of Information Security and its adherence by each team member.

Information Security Controls

The following security controls are in place at HeroITES to meet our BS 7799-2:2002 information security objectives:
  • CRM application is SSL-enabled and uses 128-bit encryption. This is a secure and proven mode for data transfer leaving little possibility of data being intercepted during transit.
  • Besides proxy servers and firewalls, we use several layers of security controls to help ensure the integrity and confidentiality of transactions. The concept of “deny all and permit few” is followed for controls on the firewall.
  • Network is segregated into different Virtual LANs (VLANs) to secure the client process segments.
  • Secure and restricted access to critical network devices.
  • Process desktops are grouped and segregated from each other to protect sensitive customer data.
  • Domain level security controls applied to all desktops as per the user hierarchy in the organization’s group policy.
  • All access privileges are provided on the network on “need only” basis. All other privileges are based on prior approvals.
  • All systems are automatically updated with necessary patches.
  • Remote access to all critical systems such as Multiplexers, Routers, Firewall and Switches.
  • The HeroITES Password Policy imposes restrictions and specific rules for choosing passwords in terms of length, complexity, age and history.
  • Security Policies are developed for System hardening on all production desktops:
    • Network Sharing Access has been debarred which includes sharing of Files & folders.
    • All external I/O devices such as Floppy Drives, USB Ports, COM Ports and Infrared Ports are disabled.
    • No email, internet or printer access/Optional/Accessories applications.
    • A stripped-down version of Windows 2000 is used and it is loaded with files to run user-specific applications only.
    • All desktops are installed with client versions of Anti-Virus software.
  • Fault-Tolerant RAID 5 implemented on all critical servers for automatic back-up of your crucial data, while providing faster disk access and additional storage capacity.
  • Regular data back-up/replication and process of storing back-ups onsite/offsite.
  • Dedicated telecommunication resources are used for different processes.
  • Access to all telecom equipment is restricted to a selected few.
  • Access to server rooms restricted to authorized personnel only.
  • Proactive monitoring of the network with intrusion detection systems.
  • Structured method of incident reporting.
  • All employees are reminded of their obligation to protect confidential information and are required to sign Non-Disclosure Agreements as a part of their confidentiality undertaking.
  • Regular training on information security to enhance staff awareness.

Systems Access Controls

  • Subject Access Management and Administration: Subjects are only authorized non-public access to the HeroITES IT/IS facilities in accordance with specific privileges that they have been granted. The BPO company has well-defined procedures for granting access to both HeroITES IT/IS facilities, and external services via HeroITES systems. We conduct a formal review of user privileges on a regular basis, ensuring that these remain appropriate, and dormant accounts are closed. All unused and vulnerable ports are closed for mitigating the risk of external attacks on the IT information resources and the network.


  • Remote Access: Controls are implemented to manage and control remote access to the HeroITES IT/IS facilities and key data on a case-by-case basis (depending on Management approvals).


  • Privilege Management: The allocation and use of system privileges on each computer platform are restricted and controlled in accordance with the requirements and specifications of HeroITES Access Control Policy & HeroITES Authorized Use Policy.


  • Password Management: Users follow good security practices in the selection, use and management of their passwords and keep these confidential. The allocation and management of passwords are controlled in accordance with the HeroITES Password Policy.


  • Unattended User Equipment: Users of IT/IS facilities safeguard key data by ensuring that desktop machines are not left logged-on when unattended, and that portable equipment in their custody is not exposed to opportunistic theft. Only password-protected screen-savers and automatic logout mechanisms are used on office-based systems to prevent individual accounts being used by persons other than the account holders. However, this is not applicable for cluster computers that are shared by multiple users.


  • Operating System and Application Access Control: Access to operating systems and applications is controlled in accordance with the HeroITES Authorized Use Policy and HeroITES Access Control Policy. System utilities software is held securely when not in use and access will be strictly restricted to authorized staff.


  • Monitoring System Access and Use: Access to and uses of critical systems are monitored and audit logs are maintained for tracking of exceptions and corrective measures.







Copyright © 2006. HeroITES. All rights reserved.