at a glance
Corporate Social Responsibility & Certifications
Corporate Social Responsibility
Corporate Social Responsibility (CSR) at Expleo Solutions is about how we manage our impact on society and the environment. The activities under the Corporate Social Responsibility are as follows:
Expleo Solutions works with the following Non-Governmental Organizations to ensure that its contributions are effectively utilized
Vidya Sagar
Vidya Sagar The Spastics Society of India was born in March 1985 in a garage in Chennai. It was started by Mrs. Poonam Natarajan, the mother of a child with profound disability, since there were no services available for this group. It was renamed ‘Vidya Sagar’ in 1998. Today Vidya Sagar is housed in a building that is designed in a manner that is totally barrier-free, and accessible to persons with disabilities, on land leased by the Government of Tamil Nadu and with community support. Mrs. Natarajan who had equipped herself with training in special education started the services with three students and three staff members. The parent-training program under Home Management, was their first project in 1985. Its objectives are to work on strategies that will empower parents of children with neurological impairments to include their children within their homes and support their inclusion in the community. Vidya Sagar today runs several programs reaching out to over 3800 individuals with disabilities. This has been possible by setting up high quality delivery of services, focusing on early intervention, special education, physiotherapy, speech and communication therapy, vision training, occupational therapy, co-curricular activities, counselling, vocational training, exploring and creating employment opportunities and training of resource persons to work in the field of disability. Vidya Sagar is a rights based organization, with emphasis on creating awareness in the community on issues related to disability and advocating rights for persons with disabilities.
World Vision India
World Vision IndiaWorld Vision India is a Christian humanitarian organization working to create lasting change in the lives of children, families and communities living in poverty and injustice. World Vision serves all people regardless of religion, caste, race, ethnicity or gender. Spread across 174 districts in India, World Vision works through long-term sustainable community development programs and immediate disaster relief assistance. Focus on Children: All development work World Vision India carries out is focused on building the capacity and ability of communities and families to ensure the wellbeing of children. The wellbeing of children includes ensuring children have access to education, health, protection and participation. Grass root Based: World Vision India is an operational organization involved in relief and development that is community-based. World Vision India’s staff live with communities at grassroots level, learning from them and working alongside them while pursuing the goal of promoting the wellbeing of all children. Partnering for Change: World Vision partners with communities, children, Government, civil society, corporations, academia, and faith based organizations to build a nation fit for children.
Agastya International Foundation
Agastya International FoundationSparking Curiosity and Nurturing Creativity In Rural India. Agastya is a cause – not just an organization. Its mission is “to spark curiosity, nurture creativity, and instill confidence” in economically disadvantaged children and government schoolteachers by bringing innovative, hands-on science education and peer-to-peer learning to government schools and villages across India. Agastya runs one of the largest hands-on science education programs for children and teachers in the world! Many of the poor children in India begin with their future already laid out for them. They are destined to follow the well-worn paths of their parents and grandparents. But Agastya shows these children a wider world, exposing them to some of the benefits of an education. Whether on the main campus, or through a visit from a mobile lab instructor, children see Agastya as a place for discovery, where they learn to really see the world around them, to observe and draw conclusions about the connections between nature and themselves. Their minds and imaginations are stimulated through direct, hands-on engagement. Agastya allows them to wonder about the world, and freely ask, “How?” and “Why?”
Certifications
PCI DSS
PCI DSS: The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS applies to all entities involved in payment card processing – including merchants, processors, acquirers, issuers, and service providers, as well as all other entities that store, process or transmit cardholder data (CHD) and/or sensitive authentication data (SAD).
Expleo Solutions Limited adopted PCI DSS to meet the customer requirement specific to Cards & Payments domain. Expleo Solutions Limited has designed and implemented technical and operational controls to protect cardholder data.
Expleo Solutions Limited not only implemented a minimum set of requirements for protecting cardholder data, but also deployed additional controls and practices to further mitigate risks to address local, regional and sector laws and regulations. These controls also address the legislation or regulatory requirements on protection of personally identifiable information or other data elements.
The PCI DSS security requirements apply to all system components included in or connected to the Cardholder Data Environment. The Cardholder Data Environment (CDE) comprises of people, processes and technologies that store, process or transmit cardholder data or sensitive authentication data. “System components” include network devices, servers, computing devices and applications.
ISO 27001:2013
The value of information goes beyond written words, numbers and images. Knowledge, concepts, ideas and brands are intangible forms of information. In an interconnected world, information and related processes, systems, networks and personnel involved in their operation, handling and protection are assets, which like other important business assets are valuable to an organization’s business and consequently deserve or require protection against various hazards.
Assets are subject to both deliberate and accidental threats while the related processes, systems, networks and people have inherent vulnerabilities. Changes to business processes and systems or other external changes (such as new laws and regulations) may create new information security risks. Therefore, given the multitude of ways in which threats could take advantage of vulnerabilities to harm the organization, information security risks are always present. Expleo Solutions Limited believes that effective Information Security reduces these risks by protecting the organization against threats and vulnerabilities and reduces impact to its assets.
Information Security at Expleo Solutions Limited is achieved by implementing a suitable set of controls, including policies, processes, procedures, organizational structures, software and hardware functions. These controls are established, implemented, monitored, reviewed and improved to ensure that the specific security and business objectives of the organization are met.
Expleo Solutions Limited adopted ISO 27001, an International Standard for establishing, implementing, maintaining and continually improving an Information Security Management System. The adoption of an Information Security Management System is a strategic decision for an organization. The establishment and implementation of an organization’s Information Security Management System is influenced by the organization’s needs and objectives, security requirements, the organizational processes used and the size and structure of the organization. The Information Security Management System implemented at Expleo Solutions Limited preserves the confidentiality, integrity and availability of information by applying a risk management process and gives confidence to interested parties that risks are adequately managed.
At Expleo Solutions, the Information Security Management System is a part of the organization’s processes and is integrated with the overall management structure and Information Security is considered in the design of processes, information systems and controls.
ISO 9001: 2015
Expleo Solutions Limited promotes the adoption of a process approach when developing, implementing and improving the effectiveness of a quality management system to enhance customer satisfaction by meeting customer requirements. Specific requirements considered essential to the adoption of a process approach are understanding the customer requirement, understanding and managing interrelated processes as a system thereby contributing to the organization effectiveness and efficiency in achieving its intended results. This approach enables Expleo Solutions Limited to control the interrelationships and interdependencies among the processes of the system, so that the overall performance of the organization can be enhanced.
Expleo Solutions Limited process approach involves the systematic definition and management of processes and their interactions to achieve the intended results in accordance with the quality policy and strategic direction of the Leadership team.
Expleo Solutions Limited encourages risk-based thinking to determine the factors that could cause its processes and quality management system to deviate from the planned results, to put in place preventive controls, to minimize negative effects and maximise use of opportunities as they arise. Consistently meeting requirements and addressing future needs and expectations pose a challenge for organizations in an increasingly dynamic and complex environment. To achieve this objective, Expleo Solutions Limited adopts various forms of improvement in addition to correction and continual improvement, such as breakthrough change, innovation and re-organization.
SSAE 18/ ISAE 3402
ISAE 3402 (International Standard on Assurance Engagements) / SSAE 18 (Statement on Standards for Attestation Engagements) an independent assessment report as per the ISAE 3402/ SSAE 18 provides the confidence on control procedures, adequacy and reasonable assurance of our service delivery and information security, data privacy related controls. SSAE 18 is relevant for the US market while ISAE 3402 is relevant for the rest of the world. The assessment report illustrates the positive effects of properly functioning and articulated control environment to an organization’s senior management and our clients.
Outsourcing companies (Expleo clients) are looking for third-party assurance to provide their clients (Expleo) with comfort about their internal control environment. Replacing SAS 70, ISAE 3402 / SSAE 18 standards remain the most widely employed approach to demonstrate third-party assurance, providing coverage to users of outsourced services. The SSAE 18 “attestation” standard and the ISAE 3402 “assurance” standard essentially share a common framework derived from the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA), which put forth SSAE 18, and the International Auditing and Assurance Standards Board (IAASB) of The International Federation of Accountants (IFAC), which put forth ISAE 3402. This common framework between SSAE 18 and ISAE 3402 is one that represents a migration, adoption, and ultimately, an acceptance of globally accepted accounting standards, such as those of the International Financial Reporting Standards (IFRS), which are essentially the standards, interpretations and framework adopted by the International Accounting Standards Board (IASB).
Internal process audit team carries out regular process audits on compliance to the established process, customer service delivery fulfilment and Information Security controls. Over and above external auditors carry out periodical assessment as part of the aforesaid certifications. These are very much essential to ensure that the organizational processes are in conformity with those committed to the customers in terms of the customer agreements as well.