Privacy risk assessments are undertaken with the objective of identifying potential areas of risks relating to privacy of employee data collected, processed and stored within Wipro’s internal Information Systems within various geographies. The mitigation measures in-line with ISMS practices are implemented to address the risks. Compliance verifications are performed through regular internal and external audits. (ISO27001:2013 for Information Security and other Business Continuity framework principles). Changes to applicable privacy laws, regulations, and policies space across various geographies are monitored and assessed for their impact on the enterprise from Information Security/ Business Continuity perspective. Necessary inputs are sought from the Legal team to assess the impact for any legal risks involved while undertaking key enterprise level initiatives.
Automated monitoring tools and detective controls have been implemented for detecting leakages of confidential data from Wipro. The data breach notification procedure template, which is deployed specifically for each customer account/program/project, is also provided. A security incident notification form is also designed for notifying the data breach incidents and published on the intranet portal accessible for all employees.
Data privacy specific training programs are designed and imparted to employees of customer accounts on all applicable privacy regulations. In addition, innovative methods are employed to spread Information security and privacy awareness amongst all Wipro users such as e-mailers, blogs, and theme based awareness campaigns.
Wipro's technology infrastructure in various locations of operation ensures adequate resilience in the basic IT infrastructure, which helps critical business operations run during disaster situations. Technology disaster recovery planning includes physical infrastructure, computing infrastructure and communication infrastructure. Wipro’s corporate (i.e. non-customer data) data assets residing in our enterprise information systems and applications are backed up on a regular basis and the backup integrity tests are periodically performed as per Wipro Information Security Policy.
The Security Organization in Wipro is established with clear roles and responsibilities for implementing information security and business continuity in the organization. General Counsel of Wipro is the authority to review the effectiveness and progress of information security and business continuity programs. Information Risk Management & Policy Compliance Group (IRMC) headed by the designated CISO (Chief Information Security Officer), a group that holds the overall responsibility of governing the Information Security risk and compliance practices within Wipro. Further, on the Risk Management initiatives, IRMC works closely with Enterprise Risk Management (ERM) team headed by Chief Risk Officer (CRO), which holds the responsibility for data privacy and reports to General Counsel as well as Wipro Board of Directors. It is generally understood and accepted internally that Information security and privacy is a joint responsibility of multiple stakeholders from various departments/functions such as Information Risk Management, Legal, Human Resources, Enterprise Risk Management office, senior leadership, Global Delivery Organization and the internal Information Systems teams.
Performance on Data Privacy and Information Security
Wipro is certified under the ISO 27001:2013 standard which provides assurance in the areas of information security, physical security and business continuity. Wipro has a well-documented Business Continuity Management System in line with BS25999 standard. This is a program through which preparedness for handling emergencies is addressed at business unit, location and cross functional levels.