Information and Data Security Compliance Statement
The security and privacy of your data is a core part of Allsec's business. This statement provides our clients with assurance of our commitment to information and data security compliance. In continuously addressing security issues, we have developed data security programs that evolve with the changing data security requirements of our clients.
At Allsec, establishing appropriate security programs that our clients can rely upon has been a primary concern since inception. Our privacy programs are developed, tested and established to fulfil the requirements of internationally recognized standards, industry best practices and clients' expectations.
Our Privacy Operations Philosophy
Allsec's privacy philosophy is primarily to move beyond compliance into a business assurance approach, centered not just on compliance but also on continuous monitoring that meets every data privacy and security requirement, so as to ensure the privacy of clients' data. We also focus on achieving continual improvement in our privacy landscape. The transition from compliance to business assurance is the key to efficient security practices, and what it requires is additional security models focused on IT systems and technology enhancements, with an essence of dynamism. At Allsec, this means applying current industry best practices and creating an appropriate Service Management System that can adopt newer dimensions of security structures and remain sensitive to evolving privacy diktats. We use our management systems as an effective tool to meet the dynamic needs of our clients' business, ensuring that information is processed with quality and at the same time protected, while retaining the evidence of such quality and security practices needed for review and continuous improvement.
Our Privacy Programs
Payment Card Industry Data Security Compliance (PCI DSS)
The Payment Card Industry (PCI) Data Security Standard is a worldwide standard for payment card and consumer financial data protection. It incorporates the requirements of the Visa USA Cardholder Information Security Program (CISP) and the Visa International Account Information Security (AIS) program, the MasterCard International Site Data Protection (SDP) program, as well as the security requirements of American Express DSS, DiscoverCard DISC, etc. VISA and MasterCard now require all merchants to adhere to the PCI security standard. Our compliance with PCI standards is certified by a certified PCI compliance services provider.
Our delivery centers are tested at least once every 90 days with industry-standard PCI compliance remote vulnerability testing.
Allsec's information and data security programs ensure compliance with the network perimeter security criteria mandated in regulations such as: the Health Insurance Portability & Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the Sarbanes-Oxley Act (SOA) and other Electronic Data Protection regulations applicable to the business of Allsec, as a Business Process Outsourcing Services provider.
Health Insurance Portability & Accountability Act Compliance (HIPAA)
With an array of information security certifications already to our name, we understand that being HIPAA compliant will take our data security management to the next paradigm. In line with this philosophy, apart from being PCI DSS compliant, Allsec has extended its expertise in data security management to being HIPAA compliant. HIPAA exclusively defines the security requirements for the service industry for protecting electronic personal health information (EPHI). Customized controls, ranging from physical security to the security of network and system components that store, retrieve and transmit customers' data, are deployed following best-in-class operational procedures. Our model of layered security controls and our appetite for compliance and continuous improvement in information security lead to the client satisfaction and appreciation that we consistently experience.
SAS 70 Type II
The SAS 70 audit is one of the most demanding certifications that a data center operator can undergo because it examines all aspects of the internal control system. Not only must the controls be present, they must also be documented and verified. Allsec has been a SAS 70 Type II certified organization since 2007, consistently maintaining the effectiveness and efficiency of its controls, which are evaluated bi-annually after being placed in operation. This assures our clients that the control system is functioning properly and that the controls applicable to clients' programs are reviewed from time to time, which is one of the key process steps of a SAS 70 Type II audit.
While PCI DSS and SAS 70 cater to the strategic management of information and data security, at an operational level an information security program is required that can act as a solid foundation for all the compliance programs. ISO 27001:2005 is an international standard that provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS), and it provides a healthy foundation. We are ISO 27001 certified. Sustaining this also requires a Quality Management System to control its environment. Realizing this, Allsec has implemented ISO 27001 as an integrated management system covering both information security and quality. Our environment of internal controls, across all of our accreditations, undergoes tight scrutiny through not only internal security audits but also quality process audits. The Business Continuity Management / Disaster Recovery systems and the information security governance structure enforced by ISO 27001:2005 enable Allsec to maintain a secure IT environment.
The information on this website has been compiled by Allsec Technologies Limited (Allsec). Although we have attempted to provide accurate information, no representation is made or warranty is given as to the completeness or accuracy of anything contained on this website. Neither Allsec nor its affiliates or agents shall be responsible for any gains or losses that may be incurred by the viewer by acting on the basis of the content of this website.
Allsec respects your privacy and is committed to protecting the information you provide us through this web site. We do not sell or distribute user information to third parties. We gather user information in order to serve your needs and respond to your information requests. These are the guidelines we use in protecting your privacy.
Collecting User Information
We collect information about our web visitors indirectly through our Internet access logs. When you access Allsec, the browser's domain name and Internet address are automatically collected and placed in our Internet access logs. We use this information to learn which sections, pages and information web site visitors access.
Disclosure of User Information
Allsec does not rent, sell, or share personal information about you with other people or nonaffiliated companies. If you have submitted user information to us through an e-mail, Allsec maintains your security by ensuring that the information is only distributed within the Allsec Group, to those who are responsible for responding to your requests either directly or indirectly.
We may disclose information in the following circumstances:
- We provide the information to trusted partners who work on behalf of or with Allsec under extremely strict confidentiality agreements.
- We respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims.
- We believe it is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or as otherwise required by law.
Links to Third Party Sites
Intellectual Property Rights
The products, technology and/or processes described in this site may be the subject of intellectual property rights reserved by Allsec or other third parties. Nothing contained herein shall be construed as conferring to you in any manner, whether by implication, estoppel or otherwise, any license, title, or ownership of or to any intellectual property right of Allsec or any third party.