ISO 27001 Information Security Certified

ISO 27001 is the global gold standard for securing information. The Information Security Management System (ISMS) that ISO 27001 provides enables Integra to operate a data secure organization. SOC 2 and ISO 27001 are similar standards. SOC 2 is popular in the US and ISO 27001 is a worldwide standard.

Very few companies actually achieve ISO 27001 certification. According to ISO.org, only 28,426 companies worldwide were certified last year -- among them are Dell, Pfizer and Vodafone. We are also proud to be among the select group of companies who care about customer's data.

Data security, privacy and confidentiality of your information

When you outsource your tasks to a supplier, it must be in trusted hands. As a business, the security of your data is your responsibility and you have to ensure that it is properly safe guarded. We are fully aware of this and that is why we have taken every precaution to safeguard your data when it is with us. This is the primary reason why we have implemented ISO 27001 at our branch in India.

We deal with very sensitive information such as bank logins, credit card logins, social security, information etc. on a daily basis. We are extremely aware of the sensitiveness of the data and have taken all possible measures to ensure the safety of your data. It is only due to our strict data handling procedures, we have never had any security issues since our company inception (2004). It is also the reason why our clients trust us with all their confidential information which has allowed us to grow to hundreds of staff.

We also are a Pennsylvania, USA Corporation and we abide by the same privacy and confidentiality laws as you do.

As a requirement of ISO 27001 information security following are the points we have implemented to protect your data. You can also view the certificate here.

Physical and environmental controls

• 24/7 security guards at our building
• Finger print scanner access doors to prevent entry of un-authorized personnel
• Computing equipment in access-controlled areas
• Humidity and temperature control with alarm placed in server rooms
• Diesel generators power back up with on-site diesel fuel storage
• Uninterruptable power systems (UPS)

Operational security controls

• High-end firewall gateway which provides security, web control, and application control.
• Trend Micro end point protection is used to prevent, detect, and eradicate malware along with device control.
• Connected to the Internet from multiple Internet Service Providers served from multiple telecommunication
• Provider Points of Presence.
• Information Security staff monitors notification from various internal systems.
• Active Directory Authentication is used for User access control and network access.
• Restricted Internet access
• Our high security servers are managed from USA data centers
• No removable drives (CD/DVD) in the operations floor
• Activity monitoring software is installed in all our computers
• All our systems are access restricted by multiple levels of password protection
• No printers, USB based pen devices and DVD/CD drives on the work floor
• Computer networks are safe guarded by many levels of software
• Your information is used only to process the tasks that you have assigned to our staff

Business continuity and disaster recovery

• Well defined business continuity and disaster recovery processes
• Multiple offices in the same city, offices in multiple cities and countries allows us to easily provide disaster recovery back up sites

Human resources

• NDA (Non-disclosure agreement) signed by every staff member
• Independent screening and background checks before employment
• Extensive data confidentiality training as per ISO 27001 standards
• No mobile phones are allowed inside offices and kept in lockers outside

Highlights of our data security

• ISO 27001 information security international standard certified
• Payment card industry (PCI) data security standard approved
• PCI certified for handling and processing credit card information
• HIPAA compliant for handling confidential health and medical records
• Approved by ministry of communication & information technology (STPI, India)
• STPI approval number: 5798-Nov 2007
• Registered under data protection act with UK information commissioner. UK data protection registration number: Z3331950 (since 2009)