How HCL ensures data protection for its clients

HCL uses various methods to meet its customers' data security needs and its own internal need to secure intellectual property. Some of them are detailed below:

- Identification of data: We have a documented approach to identify and collect the data used as part of business operations or support.
- Assessment of its criticality: Data is assessed for risk, and its criticality is measured.
- Classification of data: A documented approach exists for classification and sign-off of the assessed data.
- Documented process to handle the critical data: Controls are identified and implemented to securely handle the data.
- Data security awareness: Periodic awareness sessions are conducted for employees so that they understand the need for data security, their roles and responsibilities, and the approach we follow for data security.
- Audits conducted by the internal audit department and the information security management system team.
- Audits conducted by the client audit team to ensure compliance as per the client requirements.

HCL has been directly audited by a number of clients and found to be fully compliant with the data security requirements.

HCL has implemented various controls and monitors them continuously to ensure security is delivered as per the commitments.

Physical Security

- Agents are not allowed to carry pen and paper while working.
- Electronic devices such as mobile phones, PDAs, etc. are not allowed on the production floor.
- Random audits to ensure security policies are followed.
- Disciplinary action for non-compliance.

Access Control

- Limited application access, granted only as required by operations.
- Mandatory profiles to ensure that any stored data is automatically erased after temporary use.
- No local storage is provided; all data is stored in central storage.
- Regular audits of the central storage server.
- USB ports, floppy drives and CD drives are restricted.

Email Security

- Agents should be given the organization email facility only when required.
- No mail can be sent outside the organization from the given mail facility.

Internet Access Security

- Restricted access to the internet; sites are allowed only if they are a process requirement.
- Continuous monitoring of web traffic, with disciplinary action taken for violations.

Awareness Programs

- Regular awareness programs are conducted on data protection and its legality.
- Awareness of information security through classroom sessions, intranet sessions, posters, mailers, etc.

Monitoring

- 24x7 monitoring of all security infrastructure.
- Dedicated team and infrastructure to perform security monitoring.
- Products such as McAfee ePO, Websense Reporter, ISS/Cisco network and host intrusion detection systems, etc. are used for monitoring.