While we are moving towards digitalisation, data privacy and information security have emerged as important aspects of our business, and also, a part of our corporate governance system. At Tata Communications, we are committed to protecting the personal information and private communication of our customers from sophisticated cyber-crimes through the effective implementations of digital technologies.
We recognise that data privacy and information security are not only an integral part of our responsibility to ensure compliance with applicable regulations, but are also vital to our customers’ continued trust in the business.
Privacy policy
Our comprehensive privacy policy outlines our commitment to ensure compliance with applicable privacy laws and describes how we collect, use, disclose and protect personal data. We continue to enhance and expand our governance measures to raise awareness of and promote compliance with our data protection obligations and responsibilities. Our policy provides insights into the use of cookies, tracking mechanisms, and third-party ad networks as well as purpose of sharing information with third parties.
We have safeguards and security measures in place for identifying, assessing, investigating, and reporting personal data breaches. Through an user-friendly interface accessible via a web link embedded in our privacy policy, data subjects can exercise their data privacy rights such as requesting personal data correction, access or erasure, restricted processing and transferring personal data, erasure as well as submitting data processing objections. We have not received any substantiated complaints regarding breaches of customer privacy, and data subject requests received in the past year have been addressed in accordance with statutory requirements.
Cybersecurity awareness month
At Tata Communications, we celebrated October 2021, as ‘cybersecurity awareness month.’ The main goal of this programme was to create increased awareness about the importance of cyber security and ensure that all our employees have the information they need to be safer and more secure, while online.
Data and information security
Our robust Information Security Management system is certified with ISO 27001:2013, Information Security standard, with a scope of services covering Information Security Management System, service delivery and support operations of ‘Enterprise IT Services, IT Data Centre Operations and Global Information Security Group.’ We have an Information Security Policy, formulated in line with ISO 27001 Information Security standard, applicable to all employees and third parties, having access to our information. The objective of our policy and processes is:
We also have an Information Security organisation structure, led by the Chief Information Security Officer to ensure the security of information and information systems, to provide an overall direction to sustain and improve the security posture of Tata Communications, and to define and drive the implementation of our Company’s information security policies, procedures, and standards. Security assurance at Tata Communications comprises several security testing tracks to ensure the organisation’s digital ecosystem is adequately protected and sustained. The tracks include both, internal and external vulnerability, and penetration testing of infrastructure, red teaming engagement, Blackbox testing, and regulatory audits. In addition, security assurance is audited and certified for compliance with ISO 27001, SOC 2 Type II, Statutory ITGC, and regulatory requirements.
Information Security Assurance (ISA)
It is a comprehensive security assurance framework that is a one-point security posture and compliance review for the information assets. This framework includes key control areas, but is not limited to security architecture and design review, infra and application security testing, cloud security, access controls review, end-user security exceptions, governance risk, and compliance asset monitoring. All new applications/infrastructure and changes to the existing infrastructure and applications hosted in the Tata Communications network are to be reviewed for security exposure, remediated, and signed off before production deployment. The ISA framework integrates seamlessly with the software development phases, including DevOps, and introduces appropriate security checkpoints to IT release and change management processes. This framework helps uncover and reduce vulnerabilities early in SDLC, before production release, and builds security into SDLC effectively.