Skip to main content Skip to main navigation Skip to search Skip to footer

Information Security

HCL Information Security Policy

HCL Information Security Policy - ThumbHCL Technologies Ltd - BPO Services is certified for BS7799 standard by British Standard Institute, India across all delivery centers located in Noida and Chennai. Information security management system of HCL practices 10 domains, 36 control objectives and 125 controls of BS7799 standard. Transition practice to ISO 27001 from BS7799 has started and will be completed within few months. HCL is also a part of NASSCOM core team to define and implement policies for information security.


How HCL Ensures its Clients for their Data Protection

HCL practices various methods to achieve data security needs of customers and for its internal need of securing intellectual property; some of them are detailed below:

  • Identification of data: We have a documented approach to identify and collect the data used as part of business operations or support
  • Assessment of its criticality: Data is assessed for its risk and criticality is measured
  • Classification of data: Documented approach exists for classification and sign off of the assessed data
  • Documented process to handle the critical data: Controls are identified and implemented to securely handle the data
  • Data security awareness: Periodic awareness sessions are conducted to employees to understand the need of data security, their roles and responsibilities and approach we follow for data security
  • Audits conducted by internal audit department and information security management system team
  • Audits conducted by client audit team to ensure compliance as per the client requirements

HCL has been directly audited by a number of clients and found to be fully compliant with the data security requirements.

HCL has implemented various controls and monitors it continuously to ensure security is delivered as per the commitments.

Physical Security

  • Agents are not allowed to carry pen and paper while working
  • Electronic Devices such as mobile phones, PDA etc are not be allowed on the production floor
  • Random Audits to ensure security policies are followed
  • Disciplinary action for the non compliance

Access Control

  • Limited, applicable application access required as per operations
  • Mandatory profiles to ensure any stored data will be automatically erased after temporary use
  • No local storage provided, all data are stored at central storage
  • Regular audits of the central storage server
  • USB Ports, floppy drives and CD drives are restricted

Email Security

  • Agents should be given organization email facility only when required
  • No mails can be sent outside the organization from the given mail facility

Internet Access Security

  • Restricted access to internet, sites will be allowed only if it is a process requirement
  • Continuous monitoring of web traffic and disciplinary actions taken for violations

Awareness Programs

  • Regular awareness program are conducted on data protection and its legality
  • Awareness of information security through class room sessions, intranet sessions, posters, mailers etc.

Monitoring

  • 24*7 monitoring of all security infrastructure
  • Dedicated team and infra to perform security monitoring
  • Products like McAfee EPO, Web sense reporter, ISS/CISCO Network and host intrusion detection system etc are used for monitoring

For more information, please write to us at: digital@hcl.com 

What Customers Say

HCL’s engagement in the medical writing space has been one of the most fulfilling experiences in terms of the value delivered over the past 4 years. HCL provided prompt, professional service and sound advice through a dedicated team supported by good leadership. HCL not only has an outstanding medical writing group showing a passion for science and accuracy and also bringing a creative flare to their contributions but also has an equally dedicated and passionately driven clinical operations and data management team. In projects with tight timelines, the teams worked cohesively and delivered at a very short notice with a high quality regulatory document for submission to various regulatory authorities. It’s an absolute pleasure to interact and work with HCL.

- Dr. Anil Avhad, DGM - Medical Services, Glenmark Pharmaceuticals, Mumbai, India

 

"HCL helped turn our vision of a Global Security Operations Center into a reality… HCL’s security controls are among the best that I have seen in any of our business partners... I believe the qualities that led them to success on this project will assist our entities in achieving their own goals."

- Director, Global Security, One of the top 3 global pharma companies