Data Privacy and Security

Happiest Minds has implemented a robust set of processes and controls to ensure that overall cyber security risk is managed effectively and in line with emerging threats and regulations. We continuously assess our security and privacy program via periodic internal and external audits and enhance our security framework.

Happiest Minds adopted and certified ISO 27701 – the standard for Privacy Information Management System implementing additional privacy policies and security measures to protect personal data. Initial assessments were conducted, following which our team created data flow maps, evaluated corporate functions, and assessed privacy risks by deploying mitigation measures and control accordingly.

Some of the key policies/practices include

Release of Happiest Minds Privacy Policies

Appointment of a Data Protection Officer (DPO)

Establish Contracts and Data Protection Agreements (DPA) with Third-Party Processors

Privacy Training and Awareness Programs

Performing Data Privacy Impact Assessment (DPIA)

Defining Data Breach Notification and Response Process

Our ever-increasing demand for data privacy obligations and data privacy laws across the globe prompted us to implement ISO 27701, a Privacy Information Management System (PIMS), in December 2022. This effectively helped to document and practice standardized privacy policies and procedures. With all these privacy controls already in place, we will be able to address the requirements of India’s Digital Personal Data Protection Bill of 2023 to ensure we continue to address the privacy risk and regulatory requirements.

Key Capabilities of the Integrated Information Security and Privacy System

Data Inventory

To track and record the accuracy, validation, and completion of Personal Information (PI).

Data Subject Requests

Processes, means and mechanisms are defined to facilitate data subject rights to raise requests such as data deletion, subscription, updation or opt-out of a sale.

Data Security

To promote privacy requirements such as “Privacy by design” and “Privacy by default” in the software development process, enable data security across the infrastructure to control unauthorized data access/leakages along with other existing security procedures and practices.

Vendor Management

Established a comprehensive inventory of vendors with a business relationship with Happiest Minds. Security and privacy risk assessments are conducted before vendor selection/onboarding and annually to monitor their compliance with Happiest Minds security requirements.

Oversight and Monitoring

Internal and external audits and reviews are performed to monitor and report any deviation in the security and privacy measures. With the continual enhancement of information security with emerging technologies coupled with a strong set of security controls, best-in-class technology solutions, and a robust and mature governance program, we ensure the security and privacy of information for all our stakeholders on a continuous basis.