| Business Continuity & Information Security |
| Information Security |
MphasiS BPO has implemented a comprehensive information security system based on a process driven approach and is BS 7799 Part 2:2002 certified. Our security architecture is in line with clients processes and hence has been tailor-made specifically towards our business compliance requirements.
We have implemented an Information Security Management System (ISMS) which is based on 127 controls divided into management controls, operational controls and technical controls and conforms to 36 control objectives. The ISMS is audited internally on a periodic basis by an internal information security team and by Ernst and Young and STQC for operational compliance.
Our data, applications, network and workflow are comprehensively secured. We have detailed policies to provide customer and company data security and these are an integral part of MphasiS BPO Information Assurance program (MIAP) implemented under the Information Security Management System (ISMS). This is audited and certified and is compliant to BS-7799 and ISO 17799. Technical Compliance (vulnerability testing) was carried out by HP services.
|
| Objectives of MIAP Program
|
| Protect information and information systems from intentional, unintentional, structural and natural threats |
| Detect threats to information and information systems |
| Restore capabilities in an efficient and prioritized manner |
Respond appropriately with an integrated, coordinated, and focused effort to cope with, reduce, or eliminate the effects of attacks or intrusions
|
| Continuity of Business (CoB) |
| Any outage means lost business opportunities and revenues. MphasiS Business Continuity Plan (BCP) has been put into place taking into consideration several planned and unplanned scenarios). MphasiS BPO has implemented the BCP with the assistance of Pricewaterhouse Coopers. The BCP is in compliance with BS-7799 Part 2: 2002 standards and has covered three levels of redundancy:
|
| IT and telecommunication infrastructure |
|
| Operation floors |
|
Operation centers
|
|
| Our operation centers are at Ahmedabad, Bangalore, Mangalore, Noida, Pune and Tijuana (Mexico); and most of them act as reciprocal sites (warm sites). We allocate our process delivery across centers to provide continuity of business. The BCP is reviewed bi-annually and is based on a team concept methodology with recovery teams for each of our functions, namely IT, logistics and operations.
|
MphasiS has client-specific BCPs in place for every process.
|
Overview of the BCP |
| The BCP is used as the basis for guiding recovery activities. The plan assists in identifying:
|
| Systems, tasks and processes which are crucial to the operation of critical business functions, and define back-up procedures for business continuity |
|
| Personnel responsible for business continuity activities |
|
Levels of outage and responses to individual disruptions
|
|
Alternate processing locations and resources required to effectively function (such as, vital records, office furniture and equipment, data processing hardware and software, supplies, vendors etc.)
|
|
| Back to Top |
