Expleo Solutions Limited promotes the adoption of a process approach when developing, implementing and improving the effectiveness of a quality management system to enhance customer satisfaction by meeting customer requirements. Specific requirements considered essential to the adoption of a process approach are understanding the customer requirement and understanding and managing interrelated processes as a system, thereby contributing to the organization's effectiveness and efficiency in achieving its intended results. This approach enables Expleo Solutions Limited to control the interrelationships and interdependencies among the processes of the system, so that the overall performance of the organization can be enhanced.
Expleo Solutions Limited's process approach involves the systematic definition and management of processes and their interactions to achieve the intended results in accordance with the quality policy and strategic direction of the Leadership team.
Expleo Solutions Limited encourages risk-based thinking to determine the factors that could cause its processes and quality management system to deviate from the planned results, to put in place preventive controls, to minimize negative effects and maximise use of opportunities as they arise. Consistently meeting requirements and addressing future needs and expectations pose a challenge for organizations in an increasingly dynamic and complex environment. To achieve this objective, Expleo Solutions Limited adopts various forms of improvement in addition to correction and continual improvement, such as breakthrough change, innovation and re-organization.
The value of information goes beyond written words, numbers and images. Knowledge, concepts, ideas and brands are intangible forms of information. In an interconnected world, information and related processes, systems, networks and personnel involved in their operation, handling and protection are assets, which like other important business assets are valuable to an organization’s business and consequently deserve or require protection against various hazards.
Assets are subject to both deliberate and accidental threats while the related processes, systems, networks and people have inherent vulnerabilities. Changes to business processes and systems or other external changes (such as new laws and regulations) may create new information security risks. Therefore, given the multitude of ways in which threats could take advantage of vulnerabilities to harm the organization, information security risks are always present. Expleo Solutions Limited believes that effective Information Security reduces these risks by protecting the organization against threats and vulnerabilities and reduces impact to its assets.
Information Security at Expleo Solutions Limited is achieved by implementing a suitable set of controls, including policies, processes, procedures, organizational structures, software and hardware functions. These controls are established, implemented, monitored, reviewed and improved to ensure that the specific security and business objectives of the organization are met.
Expleo Solutions Limited adopted ISO 27001, an International Standard for establishing, implementing, maintaining and continually improving an Information Security Management System. The adoption of an Information Security Management System is a strategic decision for an organization. The establishment and implementation of an organization’s Information Security Management System is influenced by the organization’s needs and objectives, security requirements, the organizational processes used and the size and structure of the organization. The Information Security Management System implemented at Expleo Solutions Limited preserves the confidentiality, integrity and availability of information by applying a risk management process and gives confidence to interested parties that risks are adequately managed.
At Expleo Solutions, the Information Security Management System is a part of the organization’s processes and is integrated with the overall management structure, and Information Security is considered in the design of processes, information systems and controls.
PCI DSS: The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS applies to all entities involved in payment card processing - including merchants, processors, acquirers, issuers, and service providers, as well as all other entities that store, process or transmit cardholder data (CHD) and/or sensitive authentication data (SAD).
Expleo Solutions Limited adopted PCI DSS to meet the customer requirement specific to the Cards & Payments domain. Expleo Solutions Limited has designed and implemented technical and operational controls to protect cardholder data.
Expleo Solutions Limited not only implemented a minimum set of requirements for protecting cardholder data, but also deployed additional controls and practices to further mitigate risks to address local, regional and sector laws and regulations. These controls also address the legislation or regulatory requirements on protection of personally identifiable information or other data elements.
The PCI DSS security requirements apply to all system components included in or connected to the Cardholder Data Environment. The Cardholder Data Environment (CDE) comprises people, processes and technologies that store, process or transmit cardholder data or sensitive authentication data. “System components” include network devices, servers, computing devices and applications.
ISAE 3402 (International Standard on Assurance Engagements) / SSAE 18 (Statement on Standards for Attestation Engagements): An independent assessment report as per ISAE 3402 / SSAE 18 provides confidence in the control procedures, and in the adequacy and reasonable assurance of our service delivery, information security and data privacy related controls. SSAE 18 is relevant for the US market while ISAE 3402 is relevant for the rest of the world. The assessment report illustrates the positive effects of a properly functioning and articulated control environment to an organization’s senior management and our clients.
Outsourcing companies (Expleo clients) are looking for third-party assurance to provide their clients (Expleo) with comfort about their internal control environment. Replacing SAS 70, ISAE 3402 / SSAE 18 standards remain the most widely employed approach to demonstrate third-party assurance, providing coverage to users of outsourced services. The SSAE 18 "attestation" standard and the ISAE 3402 "assurance" standard essentially share a common framework derived from the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA), which put forth SSAE 18, and the International Auditing and Assurance Standards Board (IAASB) of The International Federation of Accountants (IFAC), which put forth ISAE 3402. This common framework between SSAE 18 and ISAE 3402 is one that represents a migration, adoption, and ultimately, an acceptance of globally accepted accounting standards, such as those of the International Financial Reporting Standards (IFRS), which are essentially the standards, interpretations and framework adopted by the International Accounting Standards Board (IASB).
The internal process audit team carries out regular process audits on compliance with the established process, customer service delivery fulfilment and Information Security controls. Over and above this, external auditors carry out periodic assessments as part of the aforesaid certifications. These are essential to ensure that the organizational processes are also in conformity with those committed to the customers in the customer agreements.