At the core of our certification and compliance is our long-standing relationship with BSi. Over many years, BSi has reviewed our Information Security Management System (ISMS) and provided both the external validation required to maintain our certifications and a route to best practices for information security implementation and management.
We maintain multiple ISO standards across our various geographies, and this is a core part of our philosophy. All our staff and processes operate within the same parameters, business processes, and controls to ensure information security is applied uniformly across the world. All these controls are overseen and validated through an independent external audit by BSi.
Confidentiality
We use data encryption and various access control methods to guarantee that all your personal and business information stays confidential at all times and that no unauthorised persons will have access to it, either physically or logically. We process your data only for the purpose for which you provided it to us. The only cases in which we may disclose your data are specified in our Privacy Policy.
Integrity
Only you can change, correct, restrict or delete the personal information we hold about you. By implementing further technical and process controls such as information handling and version control, data backup and verification processes, and a comprehensive business continuity strategy, we make sure the integrity of your data is not compromised: it will not be altered in any way and will always remain accurate.
Availability
We keep all our systems regularly updated and actively monitored 24/7 to ensure maximum availability and performance. In case of hardware or wider site failures, we are always ready with business continuity and disaster recovery processes. Under GDPR provisions, you can always request access to your data and know where it is being processed or transferred.
TOMs
Fusion GBS maintains a TOMs (Technical and Organisational Measures) document as part of our technical control definitions and to support our GDPR efforts. The Fusion GBS Information Security Management System (ISMS) meets all the requirements defined by ISO/IEC 27001/2. No exceptions.
Executive Oversight and Review
- Regular review and oversight by a dedicated information security group comprising Senior Leadership
- Direct reporting route to the main Fusion GBS Board
- Named senior responsibilities for information security functions
- Dedicated groupwide information security objectives
- Senior ownership of risk and treatment
Documentation
- Regular review and oversight by a dedicated information security group comprising Group Senior Leadership
- Direct reporting route to the main Fusion GBS Board
- Named senior responsibilities for information security functions
- Dedicated groupwide information security objectives
- Senior ownership of risk and treatment
Risk Assessment and Treatment
- Full risk assessment at least annually (or on significant changes)
- Multiple other targeted assessments (geo-local, application, platform, etc.)
- Assessment of all possible threats and vulnerabilities in context against likelihood and impact
- Published and regularly reviewed risk management plan
- Executive ownership of risk across all Business Units
Auditing
- Internal and external security audits, including all Business Units worldwide
- External audits are conducted by BSi (www.bsigroup.com) to certify Fusion GBS against ISO standards
- Internal auditors are appointed internally and by a trusted third party to ensure impartiality and role segregation
- Audits are conducted at least annually, on organisational change, and as part of security incident management
Supplier Management
- Regular monitoring and review of suppliers' impact on information security
- Access reviews of supplier access to data to ensure correct and proper processing
- Confidentiality clauses for all supplier contracts
- Published and approved supplier Code of Conduct
Other Aspects
- Full business continuity and disaster recovery management
- Change management following Plan/Do/Check/Act, with a multi-layer approval process through a Change Advisory Board (CAB)
- All employees know and understand their information security responsibilities through training and awareness
- Regulatory compliance with all relevant laws and regulations in all Fusion GBS geographies
- Culture of continuous improvement for information security