Information Security
Facilities & InfrastructureInformation Security
Systems America has implemented a comprehensive security system based on a process driven approach and is in process to be the first and only BPO center in India to be BS 7799 Part 2: 2002 certified. The security architecture is in line with clients processes and hence has been tailor made specifically for this line of business. Systems America in this endeavor has a dedicated Information Security Officer with CISSP certification as well as BS 7799 lead auditor certification, responsible for the planning, implementing, management and review of policies, standards as well as the infrastructure that dictates the protection of client data and information.

Systems America understands the importance and value of information security in its business. To this extent, the approach taken by Systems America has been on the lines of a technology life-cycle. Systems America has adopted a service-centric approach to security based on which the appropriate products have been implemented.

In line with the BS 7799 certification, we have implemented an Information Security Management System (ISMS) which is based on 127 controls divided into management controls, operational controls and technical controls and which conforms to 36 control objectives. The ISMS is audited internally on a periodic basis by internal information security team and was audited by STQC for operational compliance.

Comprehensive security is provided to data, applications, network and workflow. There are detailed policies to provide customer and company data security and these are an integral part of Systems America Information Assurance program (MIAP) implemented under the Information Security Management System (ISMS). This is audited and certified and is compliant to BS-7799 and ISO 17799. Technical Compliance (vulnerability testing) was carried out by HP services.

The MIAP program implementation constitutes of four objectives :
  • Protect : Information and Information systems from intentional, unintentional, structural, and natural threats.

  • Detect : threats to information and information systems.

  • Restore : capabilities in an efficient and prioritized manner.

  • Respond : appropriately with an integrated, coordinated, and focused effort to cope with, reduce, or eliminate the effects of attacks or intrusions.