Elevate BPO

Industry Experience and Specialization:

  •   Established in 2010, Elevate BPO Services Pvt. Ltd. is a leading provider of contact center services, catering to multinational clients across diverse industries.
  •    Our extensive experience in the industry since 2010 has enabled us to develop deep expertise and a strong track record in delivering exceptional solutions.

Focus on Banking, Insurance, and Telecom Sectors

  •   We specialize in providing comprehensive contact center services tailored to the specific needs of the banking, insurance, and telecom sectors.
  •    Our in-depth knowledge of these industries allows us to offer customized solutions that drive growth and operational efficiency for our clients.

Commitment to High-Quality Work and Compliance:

  •   At Elevate BPO, we are committed to delivering high-quality work that exceeds client expectations.
  •   We adhere to strict compliance standards, ensuring data security, privacy, and regulatory compliance, thereby fostering trust and confidence among our multinational clients.

Core Values of Integrity and Ethical Practices:

  •   Integrity is at the core of everything we do. We prioritize ethical practices and conduct business with honesty, transparency, and fairness.
  •   Our commitment to integrity ensures that our clients receive trustworthy and reliable services, fostering long-term partnerships based on mutual respect and shared values.

Hiring and Retaining Top Talent:

  •   We recognize that our success hinges on the talent and expertise of our team. We have a rigorous recruitment process in place to attract top industry professionals.
  •   We invest in continuous training and development programs to enhance the skills of our employees, fostering a culture of excellence and innovation.

BEST IN BUSINESS SECURITY OUTSOURCING SERVICES

We take pride in being a trusted provider of omnichannel solutions for clients, while providing unmatched security outsourcing services. We constantly adapt to technology, monitor risks and threats, comply with data privacy requirements, and seek new ways to protect company and customer data.

Mandatory Information Security and Data Protection Requirements

    Security is one of the utmost important aspects while delivering services as per the current scope of services. Service Provider shall establish and maintain reasonable and appropriate security, and other safeguards against the destruction, loss, alteration of, or unauthorized access to Client’s systems and data.

    We comply with the information security requirements set forth in the client’s SOW. We establish and maintain adequate and appropriate environmental, security, and other safeguards against the destruction, loss, alteration of, or unauthorized access to the client’s data in all forms.

    We would always be required to adhere to the following information security control requirements during the course of the engagement.

Governance and Management

We comply with all applicable policies of the client, including but not limited to the client’s Privacy Policy, Information Security Policy, Code of Conduct/Ethics, RBI guidelines on outsourcing and the Do-Not-Call policies and the policies and regulations issued by any Regulatory Authorities including TRAI, IBA, RBI etc. from time to time.

Policy Standard and Compliances

    We have documented and operational security policies/guidelines/standards/procedures, in line with ISO 27001:2013 or other equivalent industrial security compliances standard which are applicable as per the scope of service(s) rendered to the client under the customized SoW. These policy and other documents are updated on periodic basis.

    We follow all the process defined by client like human resources/personnel security, physical and environmental security, incident management, secure handling of customer information etc.

Physical & Personnel Security

We have physical security procedures in place, including physical access control, security guards, and regular monitoring of all work areas.

CCTV cameras are available to monitor and record activities on the client floor and are retained for a period of 90 days at least before being over-written for all the areas accessing, storing or processing client’s information, with CCTV cameras installed on all entry/exit points recording all inward and outward movement to the secure dedicated operation area for client services.

Dedicated operation area are defined for client shop running out of our site.

Security guard is deployed on 24x7x365 basis at the entry and exit gates of the premises to control physical access control.

Identification badges are provided to employees, visitors, contractors and third-party personnel entering the premises.

No client or its customer data is stored in paper/hard copy format within the our premises. In case any information in paper or hard copy format is not required it shall be destroyed by shredding and we provision for a shredder to destroy confidential printouts within the client dedicated operation area.

No person working on client is allowed to bring in any external storage device, i.e. portable HDD, pen-drive etc. or take data in any form (soft or hard copy) outside of client dedicated operation area. Proper checking of agents needs to be undertaken when he/she enters the site and when he/she leaves the site for any kind of paper, devices such as pen-drives, hard drives etc.

Users/resources/agents are required to deposit/handover all restricted articles, i.e., smartphones, recording devices, mass storage devices etc. before entering client dedicated operation area.

Users/resources/agents shall not be allowed to take any notebook/papers outside of the client dedicated operation area (no paperwork).

Register are maintained to record entry and exit of visitors, contractors and third-party personnel, and shall be escorted at all times.

Adequate fire detection and prevention measures are in place.

We conduct background checks on all its personnel engaged in providing services to client. It includes below checks:

  •   All qualification checks
  •   Employment (current and previous) check
  •   Address check
  •   Court check, national crime database check or Police verification or valid Passport

Access Control

All client data shall be physically or logically segregated from our other customers. Service Provider will have to implement safeguards and controls to limit access to client data to those employees whose role requires such access, and to prevent any unauthorized access.

We abide by a policy of least privilege for granting logical access to the systems part of the platform to employees by granting access only to the systems they are required for their job functions. This includes operating system permissions, file access, user accounts, application to application communications, APIs, and other relevant authorization components. The platform has the capability to assign activities to roles, and map roles to users and provide role-based access to users.

  •   Local Area Network (LAN) is physically or logically separate from rest of the network. Only client services run from a dedicated network.
  •   No person from within client dedicated network and dedicated operation area is allowed to connect to the internet via modem, router or any other similar means.
  •   No local administrator/privilege user credentials of workstation are shared with users/resources/agents.
  •   No mobile devices including but not limited to laptops of any kind are allowed to be connected on network, unless approved by the client.
  •   All individual users/agents/resources have their own login credentials and they do not share the same with other users/agents/resources.
  •   In case client data is to be stored on a shared/common file server, the access to the client data is to be provided to authorized client process members only through Active Directory or equivalent system.

Data Storage

Customer information is processed solely on clients’ designated systems, if required, and that no client data at any time is processed on or transferred to any server/workstation computing device outside of the secure operation area for client services.

Data Encryption

We store all client data including customer’s personally identifiable information under current legislation or regulations in encrypted form, using a commercially supported encryption solution. Encryption solutions will be deployed with no less than a 256-bit key for symmetric encryption or a 2048 (or larger) key length for asymmetric encryption.

Incident Management and Security Breach Notification

We comply with all applicable laws that require the notification to individuals in the event of unauthorized release of personally identifiable information or other event requiring notification under applicable law, Service Provider to:

  •   Maintain a centralized security incident tracker wherein details of all security incidents occurred in Service Provider environment should be logged and tracked to closure.
  •   Notify client by telephone to its contacts for the engagement relationship and email of such event within 24 hours of discovery.
  •   Assume responsibility for informing all such individuals in accordance with applicable law and indemnify, hold harmless and defend the client and its trustee, officers, and employees from and against any claims, damages, or other harm related to such notification event.