Training and Awareness

Are all personnel required to sign NDA or Confidentiality Agreements as a condition of employment to protect customer/tenant information?

Yes, our personnel - both full-time and on-contract are bound by an agreement of non-disclosure and a confidentiality agreement as a condition of employment to protect the customers and tenant's information.

Do you specifically train your employees, contractors, third-party users regarding their specific role and the information security controls they must fulfill?

Yes, all the employees and personnel pass through induction and job training, along with contractors and third-party users for their share of information security controls.

Are personnel trained and provided with awareness programs at least once a year?

Yes, all personnel are well trained with awareness programs annually.

More info below:

Questions
Answers
Do you have an information security awareness training program? Do you perform phishing tests on your employees? Please describe frequency of the security awareness training, phishing exercises, and subjects addressed in your training.
We conduct the Infosec Awareness training as soon as employee joined the organization and on annual basis. Each employee, when inducted, signs a confidentiality agreement and acceptable use policy, after which they undergo training in information security, privacy, and compliance. Furthermore, we evaluate their understanding through tests and quizzes to determine which topics they need further training in. We provide training on specific aspects of security that they may require based on their roles.
Do all staff receive information security awareness training?
We conduct ISMS training for all the employees.
Are all systems security configuration standards documented and based on external industry or vendor guidance?
Attached the IT policy. We also have communicated these to all the employees to spread awareness among them.
Are there awareness training sessions on remote working guidelines, social engineering, etc. conducted ? What is the periodicity of training?
We conduct ISMS training for all the employees. The frequency of the training will be annually.
Is a Training and Awareness Program maintained that addresses data privacy and data protection obligations based on role?
Data privay and Data protection is a part of our Infoarmation security awareness training.
Does the organization conduct pre-joining & periodic information security trainings & awareness programs to convey criticality of the customer data?
Yes. We conduct ISMS training for newly joined employees and existing employees.
Describe your security awareness program for personnel
Yes. We do conduct security awareness training for all the employees as soon as they joined the organization and also annually as per the ISMS requirements.
Third parties should ensure its personnel have role-based training programme for information security on an annual basis.
We conduct annual ISMS training for all the employees as per the compliance requirements
What kind of cloud security awareness you provide to your administrators?
We provide mandatory security and awareness training to all our employees and spread awareness about the information security accrross the organization.
Do all staff formally complete annual end user security awareness training?
Yes. We conduct Infosec awareness training as soon as the new employees join the organization and annually once for all the existing employees.
Are data privacy compliance taken into consideration in the design of new and/or redevelopment of existing systems or business processes? (If so please detail how and when)
Yes. We have eduated all our employees throgh training on Data privacy compliance. The Production or devolopment team always make sure that the new devolopments made will be complied with the data privacy requirements. We also educate our Production or devolopment on the recent updates throgh necessary trainings.