
Security Awareness

Genpact Company Confidential


You may think that only the military needs to worry about security.

Or that only banks need to worry about locking things up.

BPO firms must protect their information assets too…

We are in Business because of our Customers

WHEN THERE IS NO CUSTOMER THERE IS NO U AND ME

That effort involves you, no matter what your role is.

IT Security
IT Security is the process of preventing and detecting unauthorised use of IT Resources.

Why Do We Need IT Security?
• Ensure a secure and efficient IT environment.
• Ensure compliance with Global Best Practices and requirements.
• Ensure security awareness across GSK process.
• Provide Confidentiality, Integrity and Availability of all assets.

Consequences of poor Security:
• Financial loss.
• Irretrievable loss of Important Client Data.
• Unintentional information disclosure.
• Damage to the reputation of Genpact.
• Legal consequences.

Genpact Security Vision

• To make Genpact a secure and reliable place to work.
• To ensure that Genpact services are provided in a secure and reliable way, in the existing volatile environment of constant changes, accidents, attacks and failures.

Security – What it means ??

CIA TRIAD

• CONFIDENTIALITY: Ensuring that information is not accessed by unauthorized persons.
• INTEGRITY: Ensuring that information is not altered by unauthorized persons.
• AVAILABILITY: Ensuring that information is freely available for authorized persons.

Genpact Security Process -PDCA Model

• Define Security Policies and Procedures
• Implement identified improvements, corrective/preventive actions
• Implement and manage Security controls/process
• Review/audit security management and controls

Security Standard and Domains
Genpact is following BS7799 standards for Information Security

Security Domains
• Security Policy
• Security Organization
• Assets Classification and Control
• Personnel Security
• Physical and Environmental Security
• Computer and Network Management
• System Access Control
• System Development and Maintenance

Physical Security Controls
Physical Security perimeter
• 24 x 7 Security guards
• Restricted Access
• Data Centre:
• 24 x 7 Security Guards
• Pin-pad reader
• Visitor entry restricted to work and secured areas
• Review of automated access control audit trails and visitor logs

Physical Access Control System
• Use your own access cards.
• Access to high-risk areas is restricted.
• All visitors should be entertained in the reception area only. In case their presence is required within the premises, they should be accompanied by Genpact associates during their stay in the premises.
• Ex-employees or employees from other locations should not be allowed into the work area without approvals.

Physical Access Control System
Access cards
• Access cards are issued to associates by the Admin department after it receives a request for issue of access cards through the PM/PL concerned.
• Loss of access cards must be reported to the Admin department through phone/email or the Security Guard.
• A new access card will be issued to the associate only after a request from the PM/PL of the employee.

Tailgating…

• Do not tailgate into work modules.
• Use your own access card to enter or exit the work modules.
• Tailgating would be a security violation.

Physical and Environmental controls…
Environmental controls applied are:
• Fire Detection and Fire Suppression systems
• Backup power supply and air-conditioning systems deployed
• Temperature and humidity conditions monitored at high-risk areas
• Periodic testing, inspection and maintenance of fire equipment

General Security Controls
• All project-related confidential information should be kept locked when not required.
• PCs should be protected by passwords when not in use.
• All confidential documents that need to be disposed of are disposed of through shredders.
• Clean Desk and Clear Screen Policy

Every employee/contractor has the responsibility for protecting the confidentiality of the documents.

Lock your PC…

Taking a break?

Log off / Lock your system before you leave

E-mail Security

Internet Trap

Social Engineering…

Social engineers try to trick you into revealing passwords and other confidential information.

Beware of them!

Communication and Operations Mgmt…

Media handling and security

• All project-related data stored on floppy disks, hard disks and CD-ROMs will be erased by the owner on project completion, and the media given back.
• Floppy and CD-ROM drives are disabled for all users. They will be enabled only on special request.

Phone and Fax usage
• Don't leave voice mail messages with sensitive information.
• Avoid discussing sensitive information over the telephone, as calls might be tapped.
• Do not use for personal purposes unless calls are made outside business hours. Keep calls to a reasonable length.
• Do not fax sensitive material unless an authorized staff member is available at both ends to handle the materials, or a password-protected fax mailbox is used to restrict unauthorized release of the materials.
• The cover sheet should be sent first; after ensuring acknowledgement from the other side, send the fax through another call immediately thereafter.
• Use a cover sheet.

Backup

• Feel free to ask for Backup of project data based on request from projects.

Project your backup requirements!

Laptop guidelines

• Do not leave laptops unattended.
• Genpact laptops are not to be connected to the GSK network.
• All users in possession of laptops, notebooks, palmtops and other transferable computers should carry them as hand baggage when travelling.

Personnel Security

• IT Use Policies
• Background Verification Check
• Confidentiality and Non Disclosure Agreement
• Security Declaration
• Clearance Process

Personnel Security…
Disciplinary proceedings
• Non-conformance to Security policies and procedures will invoke disciplinary action up to and including termination.

Non-conformance involves:
• deliberate attempts to leak information outside the company
• breaches of usage procedures on e-mail and internet
• trying to access premises or computer resources for which he/she is not authorized

• Final decision in this regard will be taken by the Security Leader.

Personnel Security…
Security competencies needed by associates
• Understand & comply with security policy and laws
• Recognize potential security problems in their environment
• Know how to be proactive in preventing security problems
• Know where to find additional help or information.

Business Continuity Plan…

BCP addresses
• Frequency of Drills
• Identification and agreement of responsibilities and procedures
• Documentation of agreed procedures
• Training of staff managing BCP
• Regular testing and update of plan

User account clearance

• SDL - Notify User on long leave to HR
• Clear user accounts on project servers
• Transfer, Deputation, Resignation
• Follow clearance process

Security Compliance

• Compliance with legal requirements - IT Act 2000, Companies Act and Indian Penal Code
• Protecting/adhering to applicable laws as per law of the land
• Compliance to GSK security policy
• Random review and checking by Security Leader
• Fortnightly Security Committee review meetings
• Half yearly security audits by Corporate Security Team
• Review and incorporation of audit recommendations
• Third party audits and accreditation

SDLs

• Know about your customer's security requirements
• Train your team in Information Security regularly
• Keep your customer updated on any security violations
• Monitor backups, Access control
• Be ready for regular security audits

Do’s and Don'ts
Do’s
FOLLOW
• Clean Desk Policy
• Clear Screen Policy
• Display your ID card always
• Check for Antivirus update daily
• Challenge Strangers in the premises (Inform Security leader in Charge, if you find any strangers in the premises).
• Change password regularly.
• Lock the monitor when away and shut down daily.
• Report any security incident to Security leader.
• Take regular backups.
• Destroy confidential media using shredder (when the project is completed or become obsolete).
• Follow fire drills (follow the rules during fire drills)

Do’s and Don’ts

Don’ts
• Share Password

• Leave confidential prints near printer

• Use mails and internet for non-business purpose

• Enter unauthorized areas, without permission

• Tailgate into modules

• Share your folder

Security Incident Reporting…
Report Security violations to
JV.Krishna@Genpact.com

Security incidents include:
• Virus attacks
• Hacking attempts
• Unauthorized copying/modification/disclosure of information
• Wire-Tapping
• Tampering
• Theft of any H/W or S/W resource
• Denial of service attacks

What is Expected of You?

As an associate of GSK, it is our responsibility to help in protection and proper use of GSK information and technology assets.

Security is only as strong as its weakest link!

Whose job is information Security?

It’s our Job!

THANK U
For Any Queries or Suggestions Email to
Satish.Mamillapalli@Genpact.com

OR

Vivek.Digumarti@Genpact.com
