Security & Compliance
JSCM Group is continuously expanding our portfolio of Security & Compliance Reports as our customers request them. The following is the current report available to all Customers and Prospects under NDA. Please contact JSCM Group and fill out the form for copies of reports as applicable to your organization or to find out if a particular certification will soon be available.
SOC2 Type 2
The SOC2 Type 2 report is an independent auditor’s attestation of the security controls that JSCM Group has had in place during the report’s coverage period. This report is provided for customers and prospects to review and confirm that there are no exceptions to the policies and procedures documented in the policy documentation.
JSCM Group is serious about security and data protection
Technical Security Compliance
This function is responsible for ensuring that information security requirements are adhered to in the application architecture and technology landscape. Security assessments and Vulnerability Assessment and Penetration Testing (VAPT) are carried out on a periodic basis, both internally and by independent third-party accredited firms.
Risk Management
The information security team assesses security risks annually and on an ongoing basis when major changes occur. The various feeder channels that are factored into risk management include findings from audits, incidents, the changing threat landscape, and changing contractual/regulatory.
Audit and Compliance
JSCM Group gets audited by independent audit entities either from the internal organization or from independent external bodies.
JSCM Group audits its products, processes, and vendors based on a risk-based cadence such that all entities are audited at least once a year.
Policies and Procedures
Policies and procedures in line with ISO 27001:2013 standards are defined and regularly audited.
The processes are reviewed annually and any changes are communicated to all relevant employees.
Training and Awareness
Requirements for responsible handling of data including any types of personal information are communicated to all employees as part of their hiring into JSCM Group.
Further, any changes to these requirements are communicated as and when they are rolled out, and an annual refresher training is conducted for all employees.
Confidentiality Agreements
All employees sign an agreement of data confidentiality when they join JSCM Group. Data includes all information, including any client information, that they become aware of.
Confidentiality agreements are also signed with all of JSCM Group's vendors and sub-processors, along with appropriate services contracts.
Code of Conduct
Our Code of Conduct is a set of common rules and standards of ethics that every JSCM Group employee is expected to follow in letter and in spirit.
JSCM Group takes its work culture and any deviation from it seriously, so employees are encouraged to speak up about any violations.
Information Security Road-map
Ensure that the information security road-map is well thought through, factoring in all customer, regulatory and contractual requirements, and is adjusted for internal and external threat vectors.