We are continuing to work toward total security and risk management, focusing on principles listed within the ISO 31000:2009 management standard and have implemented policies and methods to protect your Private Information and Intellectual Property.
These are the following measures we have in place within our offshore office:
General Security Standard
- 2 security guards at all times at the entrance of the office
- Policy to prevent non-employees entering the office
- Back to base security system during office closed hours
- Monitoring cameras (entry and floor) with storage and live internet streaming
- Biometric scanners for every employee that logs on when entering building and logs off when leaving
Security Within the Office
- All disabling of unused USB ports
- Supervisors on floor that monitor staff at all times
- Separate individual lockers for staff to place their personal belongings
- Policy to lock all unattended PC’s when staff not at desk
- Policy that bans phones, recordable devices, paper and writing devices
- No access to printing on site
- Separate locked server room with secure IT infrastructure
- Independant 3rd party (offsite) IT support
- Policies on data management
Risk Management Procedures
- Onboarding procedures
- Employee manual that outlines key risk management methods
- Regular memos to update on office changes
- Risk management framework
- Risk management implementation infrastructure
- Individual staff risk management feedback process flow
- Legally binding employment agreements
- Legally binding NDA’s
- Annual independent review of legal documentation (by legal counsel)
- Annual independent review of risk management framework (by legal counsel)
In Country Foundation
One of the most foundational aspects of data and IP security in an international setting is the ability to execute and enforce the terms of an agreement if necessary.
In order to enforce an agreement, the outsourcing company (or any business) must have an Incorporated company within the country the agreement is to be enforced, otherwise they would basically have no legal grounds to enforce.
In setting up our own in-country presence, we have legally binding agreements which we can execute and enforce as required.
