comes first, regardless of whether it is the security of customers’ or our own team members’ data.We approach every client with unique security measures and have individual technical and organizational controls for each project. The steps of data protection taken by our Corporate Security and Technology Departments are described below.
We organize all our data by relevant categories, so they may be used and protected more efficiently. It also makes data easier to locate and retrieve. Data classification is of particular importance when it comes to risk management, compliance, and data security. The procedure for classifying all data is documented in high-level documents.
Regardless of their security clearance level or other approvals, all our staff only have access to the information required by their job functions. Anyone who wants to gain more authority or a higher level of access must receive an approval from the Corporate Security.
We use Business Continuity and Disaster Recovery procedures to minimize the effects of outages and disruptions on business operations and to enable our company to get back on its feet after issues occur. With their help, we reduce the risk of data loss and reputational harm, and improve operations while decreasing the chance of emergencies. This procedure is documented, and we resort to it only in case of serious incidents.
The main purpose of risk assessment for us is to help our Corporate Security and Technology Departments identify any event that could negatively affect our organization generally and each department in particular. Based on the ISO/IEC 27001:2013 standard requirements, we conduct an annual risk assessment of all departments. This helps us be sure that every department's operations are safe, secure, and cannot become the sources for leaks and breaches.
We have an Incident Response Team that responds to each incident in a timely and continuous manner and monitors the incidents that have already occurred. Incidents can be detected by our IPS/IDS and DLP systems, or personally by management at the time of the incident’s occurrence. Each incident goes through a life cycle, from identifying to closing and taking countermeasures. Each incident is documented, which helps us track its current status and take measures to keep it from reappearing in the future.
When a person passes all interview stages and gets a job offer, they come to the onboarding stage. We review each potential candidate’s history to confirm their professional background and appropriate work experience required for the position. Background check is also a part of the verification process. With its help, we find out if a person has had issues with the law or has a criminal record, which is very important for working with highly secured projects.
All members of the SupportYourApp team receive appropriate security awareness education, training, and regular updates in organizational policies and procedures, as relevant for their job functions. Our awareness program includes training for staff of all positions in different formats (presentations, videos, etc.), verification of the learned material, phishing simulations that simulate scam/spam/fraud attempts and regular awareness mailing. Each team member has their own risk score and dashboard so that they can be monitored by Corporate Security.
Encryption at rest is like storing data in a vault, encryption in transit is like putting it in an armored vehicle for transport. We use data encryption in transit in case of remote and office work, whereas encryption at rest is used only in case of office work or if our QCRM is used.
We have IDS/IPS in place. This ecosystem reveals facts and prevents unauthorized access to our corporate systems with its own graphic rule manager and threat hunting capabilities.
Our DLP solution protects corporate data from leaks. It controls all device activity at the endpoints and monitors and scans all possible exit points for sensitive content detection. Our DLP ensures critical business data do not leave the internal network either by being copied on devices or sent via the Internet without authorization, reporting all sensitive data incidents.
The RBAC system allows our staff to have access rights only to the information they need to do their jobs and prevents them from accessing information that doesn't pertain to them. We have a Mobile Device Management system which enables our Technology Department to manage all mobile devices we have. These are not only mobile phones, but tablets, laptops and other equipment used for work.
Something you know, something you have, and something you are. As part of our security strategy, we use MFA to achieve:
Our company has a strict and strong password policy:
We use CCTV to:
in the event of an incident, be able to track the actions that led to its occurrence.
be able to monitor the entire perimeter of our company across all our offices.
prevent future incidents, as the presence of video surveillance can scare off potential external and internal intruders. We have divided the entire territory of the company into security zones used to identify the access controls and safeguards required to protect all facilities. All SupportYourApp information is processed only in specially equipped security zones. Access to high-value, highly sensitive, or critical assets is based on a clear and discernible hierarchy of zones and provided on the least privilege basis only. Access to the SUP premises is allowed for the member of the SupportYourApp team only and is restricted for everyone else. Access to the SUP premises is carried out by scanning the biometric data on special scanners. Everyone at SUP has personal badges, which allows us to be visually identifiable on the SUP premises.
Every year, we conduct an internal audit and risk assessment of each department. The purpose of the audit is to provide independent assurance that our company’s risk management, governance, and internal control processes are operating effectively. We conduct internal audits to:
In addition to being ISO/IEC compliant, our company also complies with the international PCI DSS standard. With our support teams dealing with sensitive customer data, we apply the highest protective measures to shield them from leaks or corruption. That is why, thanks to third-party audits, we undergo the PCI DSS audit to confirm our status as a PCI DSS Level 1 Service Provider.
Our corporate and our clients’ customers’ data safety is our priority. To ensure our systems are up to standard, we undergo a special audit for compliance with the international standard ISO/IEC 27001:2013. To make sure we pass the audit, and confirm the safety of all our systems, we regularly update our security policies, undergo team-wide security trainings, and set up new incident monitoring systems. This way we not only remain up to ISO/IEC 27001: 2013 standard, but provide the safest possible services.
as our customer
Helping modern startups scale faster by outsourcing customer support.
Customer Centricity World Series Award for employee experience in 2020-2021.
Company
Pricing Team Career Company Social Activities Press Page Knowledge Base Contact UsFollow us. Stay tuned:
Information security
SupportYourApp's Security Privacy and Cookie Policy Sub Processor List Terms of UseOutsourced services
Call Center Outsourcing Outsourced Answering Service Tech Support Outsourcing E-commerce Customer Service Outsourcing Live Chat Outsourcing Help Desk Outsourcing Back Office Outsourcing Amazon Customer Support OutsourcingLocation:
Delaware Office:
Send your CV:
Become our Client:
© 2010-2024 SupportYourApp, Inc. SupportYourApp Limited. All rights reserved. SUPPORTYOURAPP®, QCRM®, QUIDGET® are registered trademarks in the US and other countries.