ISO 27001
EXL delivery centers are certified to the international security standard ISO 27001. EXL is among the leading third-party service providers to get ISO 27001 certification for its information security management, and the certification recognizes the importance of ensuring the confidentiality, integrity and availability of both vital corporate information and customer information.
ISO 27001, the standard for Information Security Management Systems (ISMS), is a systematic approach to managing sensitive information so that it remains secure, credible and trustworthy. The certification is an outcome of the processes and procedures that EXL has in place to safeguard the security of data and the mechanism to handle issues relating to business continuity and disaster recovery.
Benefits of ISO 27001
- Provides a framework for resolving security issues
- Enhances security awareness within an organization
- Assists in the development of best practices
- Provides security for the organization's information
- Compliance with the Data Protection Act's security requirements
- Ensures that relevant laws and regulations are being met and also that a commitment to information security exists at all levels throughout the organization
SAS 70
EXL has established an internal controls framework that reflects the organization’s overall control environment. It also covers control processes; risk assessment procedure; control activities; and information, communication, and monitoring components of internal control. The general controls established by EXL at eight of the 14 delivery centers are audited by an independent audit firm.
EXL has also established a Fraud Risk Assessment (FRA) procedure to identify where a fraudulent transaction is most likely to occur by account, transaction type, and business location. The objectives of FRA include:
- Assessing the likelihood of fraud occurrence
- Assessing its impact
- Informing EXL and the client of the risks, and
- Facilitating decision-making