Customer Support Outsourcing for DMCA
Customer Support Outsourcing for ISO
Customer Support Outsourcing for GDPR
Customer Support Outsourcing for PCI
Customer Support Outsourcing for ISO
Customer Support Outsourcing for GDPR
Customer Support Outsourcing for DMCA
Customer Support Outsourcing for ISO
Customer Support Outsourcing for GDPR
Customer Support Outsourcing for PCI
Customer Support Outsourcing for ISO
Customer Support Outsourcing for GDPR
Customer Support Outsourcing for DMCA
Customer Support Outsourcing for ISO
Customer Support Outsourcing for GDPR
Customer Support Outsourcing for PCI
Customer Support Outsourcing for ISO
Customer Support Outsourcing for GDPR
Customer Support Outsourcing for PCI
Customer Support Outsourcing for DMCA
Customer Support Outsourcing for GDPR
Customer Support Outsourcing for DMCA
Customer Support Outsourcing for ISO
Customer Support Outsourcing for PCI
Customer Support Outsourcing for PCI
Customer Support Outsourcing for DMCA
Customer Support Outsourcing for GDPR
Customer Support Outsourcing for DMCA
Customer Support Outsourcing for ISO
Customer Support Outsourcing for PCI
Customer Support Outsourcing for PCI
Customer Support Outsourcing for DMCA
Customer Support Outsourcing for GDPR
Customer Support Outsourcing for DMCA
Customer Support Outsourcing for ISO
Customer Support Outsourcing for PCI

For SupportYourApp security lock comes first, regardless of whether it is the security of customers’ or our own team members’ data.

We approach every client with unique security measures and have individual technical and organizational controls for each project. The steps of data protection taken by our Corporate Security and Technology Departments are described below.

management-img

Administrative/Management Controls

icon

Data Classification Process

We organize all our data by relevant categories, so they may be used and protected more efficiently. It also makes data easier to locate and retrieve. Data classification is of particular importance when it comes to risk management, compliance, and data security. The procedure for classifying all data is documented in high-level documents.

icon

Need to Know Basis Principle

Regardless of their security clearance level or other approvals, all our staff only have access to the information required by their job functions. Anyone who wants to gain more authority or a higher level of access must receive an approval from the Corporate Security.

icon

Business Continuity and Disaster Recovery Plan

We use Business Continuity and Disaster Recovery procedures to minimize the effects of outages and disruptions on business operations and to enable our company to get back on its feet after issues occur. With their help, we reduce the risk of data loss and reputational harm, and improve operations while decreasing the chance of emergencies. This procedure is documented, and we resort to it only in case of serious incidents.

icon

Risk Assessment Process

The main purpose of risk assessment for us is to help our Corporate Security and Technology Departments identify any event that could negatively affect our organization generally and each department in particular. Based on the ISO/IEC 27001:2013 standard requirements, we conduct an annual risk assessment of all departments. This helps us be sure that every department's operations are safe, secure, and cannot become the sources for leaks and breaches.

icon

Incident Response Plan

We have an Incident Response Team that responds to each incident in a timely and continuous manner and monitors the incidents that have already occurred. Incidents can be detected by our IPS/IDS and DLP systems, or personally by management at the time of the incident’s occurrence. Each incident goes through a life cycle, from identifying to closing and taking countermeasures. Each incident is documented, which helps us track its current status and take measures to keep it from reappearing in the future.

icon

Staff Verification and Onboarding Process

When a person passes all interview stages and gets a job offer, they come to the onboarding stage. We review each potential candidate’s history to confirm their professional background and appropriate work experience required for the position. Background check is also a part of the verification process. With its help, we find out if a person has had issues with the law or has a criminal record, which is very important for working with highly secured projects.

icon

Security Awareness and Training Process

All members of the SupportYourApp team receive appropriate security awareness education, training, and regular updates in organizational policies and procedures, as relevant for their job functions. Our awareness program includes training for staff of all positions in different formats (presentations, videos, etc.), verification of the learned material, phishing simulations that simulate scam/spam/fraud attempts and regular awareness mailing. Each team member has their own risk score and dashboard so that they can be monitored by Corporate Security.

200+

companies worldwide have already trusted SupportYourApp

Join

Data Encryption in transit and at rest

Encryption at rest is like storing data in a vault, encryption in transit is like putting it in an armored vehicle for transport. We use data encryption in transit in case of remote and office work, whereas encryption at rest is used only in case of office work or if our QCRM is used.

Intrusion Prevention and Detection System

We have IDS/IPS in place. This ecosystem reveals facts and prevents unauthorized access to our corporate systems with its own graphic rule manager and threat hunting capabilities.

Data Loss Prevention (DLP)

Our DLP solution protects corporate data from leaks. It controls all device activity at the endpoints and monitors and scans all possible exit points for sensitive content detection. Our DLP ensures critical business data do not leave the internal network either by being copied on devices or sent via the Internet without authorization, reporting all sensitive data incidents.

Role Based Access Control (RBAC) + MDM

The RBAC system allows our staff to have access rights only to the information they need to do their jobs and prevents them from accessing information that doesn't pertain to them. We have a Mobile Device Management system which enables our Technology Department to manage all mobile devices we have. These are not only mobile phones, but tablets, laptops and other equipment used for work.

Multi-Factor Authentication (MFA)

Something you know, something you have, and something you are. As part of our security strategy, we use MFA to achieve:

  • Enhanced security — multi-factor authentication provides enhanced security over static passwords and single-factor authentication processes.
  • Compliance with regulations — multi-factor authentication can help organizations comply with industry regulations.
  • Improved user interface — avoiding the use of passwords can improve customer experience. By focusing on low-friction authentication tasks, we are improving security and user experience.

Password Policy

Our company has a strict and strong password policy:

  • All our passwords are stored in the Corporate Password manager.
  • Our entire team is following the latest standards in password policy, such as the use of complex and non-dictionary passwords, the mandatory presence of Arabic numerals and special characters, the maximum password validity strings are no more than 30 days.
management-img

Physical Controls

Closed-Circuit Television (CCTV) and Security Access Cameras

We use CCTV to:

  • in the event of an incident, be able to track the actions that led to its occurrence.
  • be able to monitor the entire perimeter of our company across all our offices.
  • prevent future incidents, as the presence of video surveillance can scare off potential external and internal intruders.

Physical Security Areas and Zones Controls

We have divided the entire territory of the company into security zones used to identify the access controls and safeguards required to protect all facilities. All SupportYourApp information is processed only in specially equipped security zones. Access to high-value, highly sensitive, or critical assets is based on a clear and discernible hierarchy of zones and provided on the least privilege basis only. Access to the SUP premises is allowed for the member of the SupportYourApp team only and is restricted for everyone else. Access to the SUP premises is carried out by scanning the biometric data on special scanners. Everyone at SUP has personal badges, which allows us to be visually identifiable on the SUP premises.

Compliance Controls

Internal Audit Process

Every year, we conduct an internal audit and risk assessment of each department. The purpose of the audit is to provide independent assurance that our company’s risk management, governance, and internal control processes are operating effectively. We conduct internal audits to:

  • Identify security problems and gaps, as well as system weaknesses
  • Establish a security baseline that future audits can be compared with
  • Comply with internal organization security policies
  • Comply with external regulatory requirements
  • Determine if security training is adequate
  • Identify necessary resources

External Audit Process

PCI DSS Compliance

PCI-DSS certification

In addition to being ISO/IEC compliant, our company also complies with the international PCI DSS standard. With our support teams dealing with sensitive customer data, we apply the highest protective measures to shield them from leaks or corruption. That is why, thanks to third-party audits, we undergo the PCI DSS audit to confirm our status as a PCI DSS Level 1 Service Provider.

ISO 27001:213 Security Certification

ISO/IEC 27001: 2013 certification

Our corporate and our clients’ customers’ data safety is our priority. To ensure our systems are up to standard, we undergo a special audit for compliance with the international standard ISO/IEC 27001:2013. To make sure we pass the audit, and confirm the safety of all our systems, we regularly update our security policies, undergo team-wide security trainings, and set up new incident monitoring systems. This way we not only remain up to ISO/IEC 27001: 2013 standard, but provide the safest possible services.

We are proud to have Calm works with SupportYourApp as our client

Request My Quote