Information and Data Security Compliance Statement

The security and privacy of our clients' data is a core part of Allsec's business. This statement sets out, for our clients, our commitment to information and data security compliance and the assurance we provide. Because security issues must be addressed continuously, we have developed data security programs that evolve with our clients' changing security requirements.

At Allsec, establishing security programs that our clients can rely upon has been a priority since inception. Our privacy programs are developed, tested and maintained to meet the requirements of internationally recognized standards, industry best practices and our clients' expectations.


Our Privacy Operations Philosophy

Allsec's privacy philosophy is to move beyond compliance to a business assurance approach: meeting every applicable data privacy and security requirement, and continuously monitoring that it stays met, so that our clients' data remains protected. We also aim for continual improvement of our privacy landscape. The transition from compliance to business assurance is the key to efficient security practice; it calls for additional security models focused on IT systems and technology enhancements, and for the flexibility to adapt them. At Allsec, this means applying current industry best practices and maintaining a Service Management System that can absorb new security structures and remain responsive to evolving privacy requirements. Our management systems are the tool we use to meet the changing needs of our clients' business: information is processed with quality and protected at the same time, and the evidence of both quality and security practices is retained for review and continual improvement.

Our Privacy Programs

Payment Card Industry Data Security Standard (PCI DSS) Compliance


The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide standard for the protection of payment card and cardholder data. It consolidates the requirements of the Visa USA Cardholder Information Security Program (CISP), the Visa International Account Information Security (AIS) program, the MasterCard International Site Data Protection (SDP) program, and the security requirements of the American Express and Discover programs. The card brands now require all merchants and service providers that store, process or transmit cardholder data to comply with PCI DSS. Allsec's PCI DSS compliance is validated by a certified PCI compliance services provider, and our delivery centers undergo external vulnerability scans at least once every 90 days, in line with the quarterly scanning that PCI DSS requires.

Allsec's information and data security programs also address the security and internal-control requirements that arise from regulations such as the Gramm-Leach-Bliley Act (GLBA), the Sarbanes-Oxley Act (SOX) and other electronic data protection regulations applicable to Allsec's business as a Business Process Outsourcing services provider, including the network perimeter security controls those regulations call for.

ISAE 3402 (formerly SAS 70) Type II

The ISAE 3402 audit is one of the most demanding assurance engagements a data center operator can undergo, because it examines the internal control system as a whole. Controls must not only be present; they must be documented, and a Type II report additionally tests that they operated effectively over the review period rather than merely being suitably designed at a point in time. Allsec has held a SAS 70 / ISAE 3402 Type II report since 2007, with the effectiveness of the controls re-evaluated on a bi-annual cycle after they were placed in operation. This assures our clients that the control system is functioning properly and that the controls applicable to each client's program are reviewed from time to time, which is one of the key steps of an ISAE 3402 Type II audit.

ISO 27001:2013

PCI DSS and ISAE 3402 Type II address the strategic management of information and data security; at the operational level, an information security program is needed that can serve as a solid foundation for all of the compliance programs. ISO 27001:2013 is an international standard that provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS), and it provides that foundation. Allsec is ISO 27001 certified. Sustaining an ISMS also requires a Quality Management System to control its environment, so Allsec has implemented ISO 27001 as an integrated management system covering both information security and quality. Our internal controls, across all of our accreditations, are scrutinized not only through internal security audits but also through quality process audits. The business continuity management and disaster recovery arrangements and the information security governance structure required by ISO 27001:2013 enable Allsec to maintain a secure IT environment.