Policies and Processes
- The processes, controls and technology instituted at Cheers Interactive ensure protection of all clients’ information and data in all forms. This includes, but is not limited to, client names, terms of contract, processes, project details, project data, know-how and all other forms of client proprietary and intellectual property
Segregation of Roles and User access
- Each client account has dedicated leaders who only work on one client account at a time. Cheers Interactive also ensures that team-members are only deployed to one client account or project and not shared across client teams. This ensures knowledge development & retention while mitigating the risk of client information security / intellectual property leakage.
- The Information security and data protection system and frameworks at Cheers ensure that client information or any data pertaining to a client is only accessible to team members working for that specific client project only.
- Even the team-members working for a client account only have access to data on a need to know – need to have basis. The information security department has set up system and processes to ensure that this is achieved without compromising operational efficiencies.
Stringent Physical Security
- Physical security of the work areas dedicated for each client account is ensured through the usage of biometric and proximity card access to the operations floor and zone. Access to each operations floor and zone is restricted on a need to have basis for only those team members who have their workstation to that floor and zone.
- Access for all external storage devices including mobile phones have been disabled for all workstations across the company
- Mobile, external storage and any other electronic devices are prohibited on the operations floor.
- All passwords are changed periodically as defined by information security policies
- Internet access is controlled by a web filtering and DLP appliance and team-members do not have access to email, social networks, offensive material, instant messaging and network storage websites. Furthermore, team-members cannot upload any document to any website on the internet.
- Email services for each team members are configured to send mails to designated clients only.
Digital Rights Management solution for data security
- A document rights management, classification and encryption solution has been implemented for all client documents. This technology is used to encrypt and define user access rights for each of the document or folders. Each client document can only be opened (with defined rights for view, edit, copy, print, screen capture, etc.) by team-members who have been provided necessary access. This tool protects and monitors all information in real time. Any attempt at unauthorized access to client documents is recorded and these alerts are reviewed and acted upon by the information security department.
Employee hiring process and Induction
- All team-members are mandatorily required to sign Non-Disclosure and Confidentiality agreement focusing on the importance of maintaining the confidentiality of all client information, intellectual property and data at all points in time
- Comprehensive background verification checks have been done for all team-members
- All team-members undergo comprehensive information security training on the information security, data protection and confidentiality of client’s information. These sessions are mandatory during new-joiner inductions and any changes in policy and processes are briefed during the mandatory information security requirement reiteration programs.
- Team-members are strictly instructed not to reveal client names. Even within the Cheers premises clients are referred to using short codes and central reference numbers.
- All team-members are retrained, as required, from time to time.
- The information security department conducts regular audits vis-à-vis Information security policy controls and report non compliances to the managing committee of the company