What is MicroSourcing’s data security policy?

MicroSourcing has put an extensive range of measures in place that will provide maximum protection for our clients and for our own company. These measures include ISO 9001 and ISO 27001 certification, PCI-DSS compliance, HIPAA compliance, and a full suite of procedures and policies.

Compliance with International Standards

  • MicroSourcing is certified for two ISO standards – 9001/27001. We are furthermore capable of hosting and managing HIPAA and PCI-DSS compliant operations.
  • We have a dedicated team in place that is responsible for our compliance, business continuity, and information security.
  • Our ISO 9001/27001 certifications are audited yearly by SGS, one of the most renowned internationally recognized auditing firms.
  • Our clients in the financial and medical industry conduct their own annual audits for the PCI-DSS and HIPAA compliance of their offshore operation at MicroSourcing using both internal and external auditors.

Human Resources-related Policies

  • All new hires have to submit an extensive list of pre-employment requirements including clearances from their neighborhood council (Barangay Clearance) and the National Bureau of Investigation (NBI). The NBI clearance assures that there are no pending criminal cases against the job candidate.
  • Our employment contracts contain clauses on confidentiality and intellectual property. Where necessary, our client can opt to add NDAs, non-competes, and any other stipulations as long as they are in compliance with local labor laws. Our human resources department can assist in making sure that client-specific employment terms are in compliance.
  • Our code of conduct (COC), including our IT acceptable use policy, identifies a number of breach-of-confidentiality and breach-of-security scenarios and how these will be dealt with. During new hire COC orientation, these rules and regulations are explained in detail.
  • The off-boarding process includes returning all MicroSourcing and client assets for which accountability forms have been filed during the acceptance of those assets. This includes deactivation or deletion of all accounts, access passwords, and proximity cards provided to the employee.

Premises-based Policies

  • All our offices are located in guarded private compounds with all access points and roads guarded by security cameras and security guards. Our office buildings have their own security guards and strict protocols when it comes to the delivery and extraction of assets and entry of people.
  • We have our own security guards who man our front desk and monitor the security cameras we have installed all over our offices. Our guards are trained to implement a strict "no ID, no entry" policy.
  • We have special work floors with additional security measures which require all employees to leave all their belongings at our baggage counter and pass a second security control. These work floors do not allow any personal belongings, including mobile devices or any other electronics, to be brought onto the work floor.
  • Our access doors are controlled by network-driven proximity card devices which enable us to control and monitor access from a central location. All access data are stored on a central server.
  • Our offices have sprinklers and central fire detection panels controlling the numerous fire detection units we have spread across our offices. Our fire control panels are linked to the central fire control panel of the buildings we occupy.

Information Technology-related Policies

  • Fully customizable workstation environment with options to work with thin client desktops or to disable USB ports and optical drives.
  • Fully customizable server and networking environment with options for VLANs, physically segregated network partitions, and MPLS links.
  • Unified threat management devices with fully adjustable data and content filtering, IPS and IDS.
  • Desktop security is managed by Bitdefender End Point Protection with central management.
  • Fully redundant network infrastructure with automatic fail-over.

Customization and Cooperation on Data Security

MicroSourcing works closely with its clients to ensure a safe data flow between our clients' domestic operations and their teams in the Philippines at MicroSourcing. Our clients are free to provide us with their own security protocols, which they can ask us to replicate for their offshore operations at MicroSourcing. The key takeaway is that we are highly experienced in data security and capable of customizing the data security environment of each of our clients.