MISSION STATEMENT
DATAMARK’S COMMITMENT TO CYBERSECURITY
DATAMARK INCORPORATED (DMi) Information Security Department is committed to protecting information for DMi, its partners, and employees. The Information Security Department’s responsibility is to ensure a cyber and physically secure work environment by promoting a security-related training and awareness programs, monitoring company assets, auditing processes and procedures, and coordinating external audits via certified third-party vendors.
OUR METHODOLOGY
INCORPORATION OF INDUSTRY BEST PRACTICES
DATAMARK has strategically harmonized both its Information Technology and Information Security processes and procedures with the COBIT Framework. Our comprehensive approach integrates principles from the NSIT series and ISO Standards and incorporates best practices from ITIL, DevOps, and Agile Methodologies. Therefore, our alignment enhances our ability to manage and secure our information assets effectively.
Our integration of COBIT Framework, NSIT series, and ISO Standards, alongside ITIL, DevOps, and Agile methodologies, demonstrates a commitment to robust Information Technology and Information Security practices. By harmonizing these processes, we bolster our capability to manage and safeguard our information assets effectively, highlighting the paramount importance of cybersecurity in all our operations.
Effective Strategies for Contact Centers to Prevent Security Breaches and Ensure Data Protection
Discover vital strategies to safeguard customer data in contact centers, ensuring protection against cybersecurity threats and data breaches. Learn how robust IT infrastructure, data encryption, and access control measures can fortify security and uphold customer trust. Dive into the article for actionable insights to enhance your contact center’s security posture and protect sensitive information effectively.
DATAMARK Cybersecurity Audit Calendar
Weekly Audits
Weekly audits entail a comprehensive review of our security measures to uphold the integrity of our systems and protect against potential threats. This includes:
- Windows Patching Verification: Rigorous checks are performed to validate the timely implementation of Windows patches, ensuring that our systems are fortified against known vulnerabilities.
- Employee Phishing Emails: Thorough examinations are conducted on employee phishing emails to bolster awareness and resilience against malicious cyber threats, safeguarding sensitive information and maintaining operational continuity.
Bi-Weekly Audits
Bi-weekly audits involve a meticulous review of our security protocols to bolster our defenses and mitigate potential risks. This includes:
- Nessus Scans and Remediation: Comprehensive scans are conducted using Nessus to identify vulnerabilities in our systems, followed by prompt remediation to address any issues and ensure robust protection against potential threats.
- SentinelOne Application Vulnerability Review and Remediation: Thorough examination of application vulnerabilities is carried out using SentinelOne, followed by proactive measures to remediate any identified issues promptly. Therefore, this approach fortifies our systems against potential exploits therefore strengthening our overall security posture.
Monthly Audits
Monthly audits are integral to maintaining the robustness of our security measures and ensuring the protection of our systems. This includes:
- VPN Access Audits and Confirming all VPN Access Requires MFA: Detailed scrutiny is given to VPN access to verify both user activity and ensure compliance with our security policies. Additionally, we confirm that all VPN access is fortified with Multi-Factor Authentication (MFA). As a result, this helps with enhancing authentication security and mitigating unauthorized access risks.
- Privileged User Auditing and Verification: Thorough audits are conducted to monitor privileged user activity and validate adherence to access controls. In particular, this ensures that only authorized individuals have access to sensitive systems and data, minimizing the risk of insider threats and unauthorized actions.
Quarterly Audits
Quarterly audits play a crucial role in maintaining the resilience and effectiveness of our security measures. This includes:
- AS User Access Audits: In- depth reviews of user access privileges are conducted to ensure alignment with business needs and security requirements. This helps in identifying and addressing any discrepancies or unauthorized access. Therefore, this results in bolstering overall system integrity.
- IT Training Review: Comprehensive evaluations of IT training programs are carried our to assess their effectiveness in enhancing employee awareness and adherence to security best practices. Thus, ensuring that our workforce remains well-equipped to recognize and respond to potential threats.
- Vulnerability Threat Assessment Scans: Robust vulnerability threat assessment scans are performed to identify and prioritize potential risks to our systems and infrastructure. By proactively identifying vulnerabilities, we can take prompt remedial actions to strengthen our defenses against cyber threats.
- Privileged User Verification: Rigorous verification processes are implemented to validate the access privileges of privileged users. In any case, this ensures that elevated permissions are granted only to authorized personnel, minimizing the risk of misuse or exploitation of sensitive resources.
Semi- Annual Audits
Semi-annual audits are pivotal in ensuring the resilience and adaptability of our security framework. This includes:
- Service Accounts Review: Comprehensive reviews of service accounts are conducted to assess their necessity, permissions, and usage patterns. After all, it helps in identifying dormant or unnecessary accounts therefore reducing the attack surface and enhancing overall security posture.
- Tabletop Exercise for Security Incident Management: Structured tabletop exercises are conducted to simulate real-world security incidents and evaluate our incident management processes and response capabilities. In any case, this proactive approach allows us to identify areas for improvement and refine our incident response procedures.
- Firewall Compliance: Thorough evaluation of firewall configurations and policies are performed to ensure compliance with industry standards and organizational security requirements. As a result of verifying firewall compliance, we enhance network security and mitigate potential risks associated with unauthorized access or malicious activity.
Annual Audits
Annual audits are pivotal milestones in ensuring the highest standards of security across our organization. This includes:
- SOC 2 Type II Certification: Rigorous assessments are conducted to ensure compliance with SOC 2 Type II standards, as a result this validates the effectiveness of our internal controls and security practices over an extended period. Therefore, this certification demonstrates our commitment to safeguarding customer data and maintaining the highest levels of trust and transparency.
- PCI Certification for PCI-Certified Environments: Thorough evaluations are performed to validate compliance with Payment Card Industry Data Security Standard (PCI DSS) requirements for environments handling cardholder data. As a result, achieving PCI certification underscores our dedication to securing payment transactions and protecting sensitive financial information.
- Cybersecurity Month Campaign: Annual campaigns are launched to raise awareness and promote cybersecurity best practices among employees, customers, and stakeholders. As a result, these initiatives aim to foster a culture of security consciousness and empower individuals to play an active role in mitigating cyber risks.
- Information Security Awareness Training: Comprehensive training programs are delivered to educate employees about information security policies, procedures, and best practices.
- Vulnerability Penetration Testing: Thorough penetration tests are conducted to identify and exploit vulnerabilities in our systems, applications, and networks. Therefore, this proactive approach helps us identify and remediate potential security weaknesses furthermore they can be exploited by malicious actors.
- Global Cybersecurity Maturity Assessment: Comprehensive assessments are performed to evaluate the maturity level of our cybersecurity program across global operations.
- Global Internal/External Penetration Testing: Extensive internal and external penetration tests are conducted to simulate real-world cyber attacks and assess our resilience to advanced threats.
ENSURING SECURITY AND COMPLIANCE
CERTIFIED WORKFORCE FOR UNPARALLELED COMPLAINCE AND ADHERENCE
A certified workforce is integral to our commitment to both excellence and reliability in providing top-tier BPO and Contact Center services. Therefore, this dedication not only elevates our credibility but also ensures that our clients receive the highest standard of service, backed by professionals who are adept at navigating complex industries and delivering exceptional results.
SECURITY INSIGHTS
STAY INFORMED WITH OUR LATEST INSIGHTS AND UPDATES
Through tailored solutions and continuous education, DATAMARK empowers partners to navigate the complex cybersecurity landscape with confidence, enabling them to focus on their core business objectives while mitigating risks effectively.
