Security

Empuls/Security

Please describe the supplier's product/service main components and their role/function

*Website - Web tool to login, access the pages, view reports and for administrative actions
*Mobile App - Mobile version for the same features as Website
*Backend Server - Primary data center for the application (for both web and Mobile) Service Award
Where is your Company Headquartered? Please mention all the locations

Bangalore, Karnataka, India
Where is the application being Hosted?

We use Public Cloud. Amazon Web service
Please describe the solution's hosting environment, including details related to the solution providers (e.g. Amazon, Azure, Google, etc.), the type of cloud service that is used.

*The primary application is hosted in AWS Singapore (Amazon web serivces)
*Customer Personal Information can be either hosted in AWS Singapore in an encrypted manner or can be stored in BIOS cloud based out of UAE
Does the application support Localization i.e. in multiple Indian languages? If yes, what languages are supported?

Yes
What documentation is part of the proposed deliverables? Please provide specific details on the type and content of each document.

Business requirements document, Project Plan, user manuals/training materials
What all integrations are expected with the tool?

HRMS & SSO are recommended
Does the proposed solution require the use of Adobe Flash, Adobe Shockwave, Oracle Java, or Microsoft Silverlight?

No
Does the proposed solution/system require the use of any obsolete, end-of-life, or unsupported technologies, protocols, third-party software and libraries, operating systems, or solution components?

No
Highlight if the proposed solution/s is your company’s own products or they have been acquired through a buy-out?

Inhouse developed Product
What documentation is part of the proposed deliverables? Please provide specific details on the type and content of each document.

Business requirements document, Project Plan, user manuals/training materials
Does the application allow data migration?

We migrate HRMS data via SFTP using CSV file format
Is there any specific user training necessary?

Demos are available and specific trainings are not required
How do you manage the risk of insider threats (e.g. pre-employment and contractor screening, NDA and confidentiality agreements, awareness and training, monitoring, segregation of duties, tamper-proof access and audit logs, etc.)? Do all em

*BGV for employees are conducted.
*Due diligence and screening done for vendors.
*NDA and confidentiality agreements are signed with employees.
*Information security and data privacy awareness trainings are conducted as part of induction
Please describe the physical security that protects Corporate Rewards Personal Data, including building access and physical server access.

Bio-metric access control is places in all entry/exit points. CCTV cameras are in place and it is monitored regularly.
How do you ensure prospective employees are appropriately vetted for sensitive jobs?

We request for educational certificates, experience letters, address proofs and ID proofs. Background verification checks are conducted to validate these documents submitted by employees
How do you ensure that security responsibilities are addressed by staff?

We have a formal disciplinary policy and it is communicated to all employees during our induction process. NDA is also signed with all our employees. Security roles and responsibilities are also communicated to employees
Do employees, contractors and third parties (where applicable) receive appropriate awareness training and regular updates relevant to their function within the company?

We conduct data privacy and information security awareness trainings as part of our induction and refresher trainings are conducted once a year
What controls do you have covering employees resignation or dismissal?

Employee exit policy is followed. On the day of exit, all the access to company proprietary data provided to employee will be removed. This is ensured by our HR manager and IT admin. Periodic access review audits are also conducted
What technologies or business procedures do you have to ensure that individuals within your organization will be monitored to ensure that they do not deliberately or inadvertently disclose personal data outside your company, through e-mail,

*NDA is signed with all our employees and contractors.
*Data privacy awareness sessions are conducted and our policies are communicated to employees.
*Biometric controls are placed to avoid any unauthorised access to restrcited areas and these logs are reviewed periodically.
*Background checks are conducted for all our employees.
*CCTV cameras are in place and monitored regularly.
*Email Domain whitelisting and device policy are also in place
How do you ensure the physical security of your offices?

All of our entry/exit points are boimetric controlled and physical security guards are placed in entry/exit points
How are server rooms or other offices/rooms used for sensitive processing protected?

Restricted areas are controlled with biometric access and logs are reviewed. CCTV cameras are also in place and are monitored regularly
How are public access, delivery and loading areas secured, and access to offices from these areas controlled?

Our delivery and loading areas are separated from our information processing facilities. These areas will be monitored by CCTV cameras and security guards.
How do you ensure equipment is protected from loss, damage, theft or being compromised?

All of our entry/exit points are boimetric controlled and physical security guards are placed in entry/exit points. UPS is available to provide 24/7 uninterrupted power supply
What arrangements are in place for the secure disposal or re-use of equipment?

Our IT administrators format our equipments as per our secural disposal policy before re-use and disposal of equipments
Please provide details of the controls you have in place for Anti-Virus protection and protection against other malicious code (spyware etc.)

Sophos is used for anti-virus protection and Gsuite AV is used to scan the emails for any malicious attachements
Provide brief details of how your network is protected and managed to ensure its security

PF sense firewall technologies are used and we have blocked audio & video streaming, peer to peer , and VPN. Freeradius is used for network authentication control. We have transparent proxy with firewall
Do you have a clear desk and clear screen policy in place?

Yes and it is communicated to employees
Provide details of how you deploy OS patches

On a frequent basis our security team identifies latest patches to be installed and update the same
Are network firewall rules regularly reviewed on all networks that hold Corporate Rewards Personal Data?

Network firewall infrastructure reviewed quarterly

FAQ REPOSITORY

Empuls/Security

Sign up for Empuls today