Abstract Structure

Privacy and Protection of Personal Information Policy

International Customer Care Services is committed to protecting the privacy and personal information of its clients, employees, customers and other stakeholders. All personal information is kept strictly confidential and may only be used for identified operational purposes.


Upon hiring, all employees are required to sign our Privacy and Protection of Personal Information Policy. In addition, all employees are trained about privacy legislation (PIPEDA) and the protection and disclosure of personal and confidential information.

 

If there are changes to Privacy Legislation these are communicated to all employees who are then required to sign off on the changes and trained on how this will affect the performance of their duties.


Measures to Ensure the Security, Privacy & Integrity of Data


ICCS considers information security and privacy to be of the utmost importance. Our IT security organizational structure is centralized in our Head office location. Our Montreal branch is connected to our Head office network through a secured VPN connection.
All IT security policies are documented and communicated to all staff, who are required to provide written confirmation of receiving these policies and acceptance of the same.


External access to our systems is only granted via the VPN and with a unique user account. There is no public access to any system that has private or confidential information. All transmission of data to and from our systems is controlled through our secured FTP site via TLS or PGP file encryption formats.


No third parties have direct access to our system with the exception for our Platform support group. Our security policy includes a user termination policy including but not limited to termination of access to the premises, VPN access, user access, and user rights being revoked on both the physical and logical levels.


ICCS Security Policies cover the following:

 

  • Application & Data Security

  • Logical Security – Access & Authentication

  • Physical Security – Systems & Facilities

  • Building Security

  • Data Center Security

  • Processing Location Security

  • Network & Communication Security

  • Malicious Software Security

  • Incident Response – Audit & Monitoring

  • Back Up and Recovery

  • Disposal of Information

  • The Use of Other Vendors

  • Security Incident Handling Policy