WNS has achieved ISO 27001 information security certification and is the Payment Card Industry Data Security Standard (PCI DSS) certified under the category of Level 1 Service Provider for all client processes that either store, process or transmit cardholder information. In addition, we also undergo enterprise-wide SSAE 19 / ISAE 3402 SOC 1 and SOC 2 Type 2 audits for our general control environment. All employees of WNS complete a mandatory computer-based Information Security Awareness Program (iSAP) and electronically sign off on an information security handbook, which is an extract of the Information Security Policy. There were no substantial complaints received concerning breaches related to customer privacy during the current financial year. We also ensure that each team member completes training in the Code of Business Ethics and Conduct (CoBEC). Employees are also made aware of disciplinary actions associated with any policy violations or data breaches.
WNS’ dedicated Information Security team, led by the Chief Information Security Officer, works toward ensuring compliance and strengthening the company’s security posture. This is accomplished through regular effectiveness reviews and audits of implemented controls, robust incident management practices, and identification and recommendation of new controls. The company’s compliance status is periodically shared with the Risk Committee. The Risk Committee, which oversees the Information Security program, comprises top company management, including the leadership group and is chaired by our Group CEO.