Security at Epicenter
The management at Epicenter Technologies Pvt. Ltd (ETPL) is committed to providing world-class service in Business Process Outsourcing to our clients and end customers alike, with the aim of meeting all their requirements in terms of Quality, Information Security and other deliverables.
We do this by setting clear Policy direction & Objectives with respect to Quality & Information Security. We demonstrate support for, and commitment to, Quality & Information Security through the issue and maintenance of Quality & Information Security Policies.
Epicenter is certified for ISO 9001:2008 Quality Management System, ISO 27001:2013 Information Security Management System and PAS 99:2012 Integrated Management Systems, and is compliant with PCI-DSS Payment Card Industry Data Security Standards.
As an organization certified to and compliant with information security standards, our key goal is to protect information assets against the risk of loss, operational discontinuity, misuse, unauthorized disclosure, inaccessibility and damage.
The information security governance model adopted by Epicenter covers all information processes, physical and electronic, regardless of whether they involve people and technology or relationships with trading partners, customers and third parties. It addresses information protection, confidentiality, availability and integrity throughout the life cycle of the information and its use within the organization. It also protects against the ever-increasing potential for civil or legal liability arising from information inaccuracy and loss, or from the absence of due care in its protection.
To strengthen our Information Security governance model at Epicenter, we have a formal Business Process and Risk Management System (BPRMS) which ensures:
- Development/maintenance of security policies
- Assignment of roles, responsibilities, authority and accountability
- Development/maintenance of a security and control framework that consists of standards, measures, practices and procedures
- Periodic assessments of risks and business impact analyses
- Classification and assignment of ownership of information assets
- Adequate, effective and tested controls for people, processes and technology
- Integration of security into all organizational processes
- Processes to monitor security elements
- Information security incident management
- Effective identity and access management processes for users and suppliers of information
- Meaningful monitoring and metrics of security performance
- Education of all users, managers and board members regarding information security requirements