Information and Data Security Compliance Statement
The security and privacy of your data is a core part of Allsec's business. This
statement provides our clients with assurance of our commitment to information and
data security compliance. In continuously addressing security issues, we have developed
Data Security programs that evolve from the changing needs of our client's data
At Allsec, establishing appropriate security programs that our clients can rely
upon has been a primary concern since inception. Our privacy programs are developed, tested
and established to fulfil the requirements of internationally recognized standards,
industry best practices and clients' expectations.
Our Privacy Operations Philosophy
Allsec's privacy philosophy is to move beyond compliance into a business
assurance approach: not just compliance, but continuous monitoring against
every data privacy and security requirement so as to ensure the privacy of clients'
data. We also focus on continual improvement of our privacy landscape.
The transition from compliance to business assurance is the key to efficient
security practices, and it requires additional security models focused on IT
systems and technology enhancements with an element of dynamism. At Allsec, this
means applying current industry best practices and creating an appropriate Service
Management System that can adopt newer dimensions of security structures and remain
sensitive to evolving privacy diktats. We use our management systems as an effective
tool to meet the dynamic needs of our clients' business, ensuring that information
is processed with quality and protected at the same time, while retaining the evidence
of such quality and security practices needed for review and continuous improvement.
Our Privacy Programs
Payment Card Industry Data Security Compliance (PCI DSS)
The Payment Card Industry (PCI) Data Security Standard is a worldwide standard for
payment card and consumer financial data protection. It incorporates the requirements
of the Visa USA Cardholder Information Security Program (CISP) and the Visa International
Account Information Security (AIS) program, the MasterCard International Site Data
Protection (SDP) program, as well as the security requirements of American Express
DSS, DiscoverCard DISC etc. VISA and MasterCard now require all merchants to adhere
to the PCI security standard. Our compliance with PCI standards is certified by
a certified PCI compliance services provider.
Our delivery centers are tested at least once every 90 days with industry-standard
PCI Compliance remote vulnerability testing.
Allsec's information and data security programs ensure compliance with the network
perimeter security criteria mandated in regulations such as: the Health Insurance
Portability & Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the
Sarbanes-Oxley Act (SOA) and other Electronic Data Protection regulations applicable
to the business of Allsec, as a Business Process Outsourcing Services provider.
Health Insurance Portability & Accountability Act Compliance (HIPAA)
With an array of certifications related to information security in our kitty, we
understand that being HIPAA compliant will take our data security management towards
the next paradigm. In line with this philosophy, apart from being PCI DSS compliant,
Allsec's expertise in data security management has extended to being HIPAA compliant.
HIPAA exclusively defines the security requirements for the service industry required
for protecting electronic personal health information (EPHI). Customized controls
ranging from physical security to the security of network and system components that store,
retrieve and transmit customer's data are deployed, following best-in-class operational
procedures. Our model of layered security controls, appetite for compliance and continuous
improvement in information security lead to the client satisfaction and appreciation
that we consistently experience.
SAS 70 Type II
The SAS 70 audit is one of the most demanding certifications that a data center
operator can undergo because it examines all aspects of the internal control system.
Not only must the controls be present, they must also be documented and verified.
Allsec has been a SAS 70 Type II certified organization since 2007, consistently maintaining
the effectiveness and efficiency of the controls periodically evaluated bi-annually
after they were placed in operation. This assures our clients that the control system
is functioning properly and there is a review of controls applicable for the Clients'
programs from time to time which is one of the key process steps of SAS 70 Type
While PCI DSS and SAS 70 cater to strategic management of information and data security,
at an operational level an information security program that can act as a solid
foundation for all the compliance programs is required. ISO 27001:2005 is an international
standard that provides a model for establishing, implementing, operating, monitoring,
reviewing, maintaining and improving an Information Security Management System (ISMS)
and provides a healthy foundation. We are ISO 27001 certified. Healthy sustenance
also requires a Quality Management System in combination to control its environment.
Realizing this, Allsec has implemented ISO 27001 as an integrated management
system of both information security and quality. Our environment of internal controls,
across all of our accreditations, undergoes tight scrutiny not only through internal
security audits but also through quality process audits. The Business Continuity Management
/ Disaster Recovery systems and information security governance structure enforced
by ISO 27001:2005 enable Allsec to maintain a secure IT environment.
The information on this website has been compiled by Allsec Technologies Limited
(Allsec). Although we have attempted to provide accurate information, no representation
is made or warranty is given as to the completeness or accuracy of anything contained
on this website. Neither Allsec nor its affiliates or agents shall be responsible
for any gains or losses that may be incurred by the viewer by acting on the basis
of the content of this website.
Allsec respects your privacy and is committed to protecting the information you
provide us through this web site. We do not sell or distribute user information
to third parties. We gather user information in order to serve your needs and respond
to your information requests. These are the guidelines we use in protecting your
Collecting User Information
We collect information about our web visitors indirectly through our Internet access
logs. When you access Allsec, the browser's domain name and Internet address are
automatically collected and placed in our Internet access logs. We use this information
to learn about which sections, pages and information web site visitors access.
Cookies, by themselves, cannot be used to find out the identity of any user unless
they specifically tell us who they are. If you wish, you can disable cookies on
your computer by changing the settings in the preferences or options menu in your browser.
Disclosure of User Information
Allsec does not rent, sell, or share personal information about you with other
people or nonaffiliated companies. If you have submitted user information to us
through an e-mail, Allsec maintains your security by ensuring that the information
is only distributed within the Allsec Group, whose members are all responsible for responding
to your requests either directly or indirectly.
We may disclose information in the following circumstances:
- We provide the information to trusted partners who work on behalf of or with Allsec
under extremely strict confidentiality agreements.
- We respond to subpoenas, court orders, or legal process, or to establish or exercise
our legal rights or defend against legal claims.
- We believe it is necessary to share information in order to investigate, prevent,
or take action regarding illegal activities, suspected fraud, situations involving
potential threats to the physical safety of any person, or as otherwise required
Links to Third Party Sites
Allsec's web site may provide links to other third party web sites. Allsec is not
responsible for the contents or policies of these web sites. These links are provided
to you for convenience purposes only and Allsec is not liable for inaccuracy of
any information on such sites. These sites may send their own cookies to users,
or otherwise collect data or solicit personal information. If the Allsec web site
links you to any third-party web site, we make no representation as to the existence,
Intellectual Property Rights
The products, technology and/or processes described in this site may be the subject
of intellectual property rights reserved by Allsec or other third parties. Nothing
contained herein shall be construed as conferring to you in any manner, whether
by implication, estoppel or otherwise, any license, title, or ownership of or to
any intellectual property right of Allsec or any third party.