Digital Security and Customer Privacy
Information security compliance and data protection are an integral part of our service offering. We are committed to providing continual assurance to our clients and other stakeholders through the implementation of a robust internal information security framework and by demonstrating compliance with globally accepted industry standards.
We have achieved ISO 27001 information security certification and are ‘Payment Card Industry Data Security Standard (PCI DSS)’ certified under the category of ‘Level 1 Service Provider’ for all client processes that either ‘store’, ‘process’ or ‘transmit’ cardholder information. We undergo enterprise-wide SSAE 18 / ISAE 3402 SOC 1 and SOC 2 Type 2 audits for our general control environment. We also ensure compliance with various region-specific data privacy and anti-spam laws.
Along with their sign-off on CoBEC and an information security handbook, our employees must complete a computer-based information Security Awareness Program (iSAP). We also offer our employees cyber security scenario-based training and conduct evaluations on handling advanced threats.
We have a dedicated Information Security team which is led by the ‘Chief Information Security Officer’. The team periodically shares the compliance status with the Risk Committee. The Risk Committee, which provides oversight of the information security program, comprises top management personnel including the Leadership Group and is chaired by our Group CEO.
Client and Data Privacy During Remote Work
Safeguarding data with the highest standards of privacy controls, in line with our information security policies and client-defined guidelines, has remained our priority throughout our transition to remote work.
To that end, we developed a well-defined remote working security governance strategy that focuses on securing remote endpoints, the adoption of AI / ML-based user behavior analysis to detect anomalies in user behavior and provide early alerts, a robust incident response methodology, and more.
To enhance visibility of threat vectors and actors taking advantage of the current crisis, we have leveraged third-party digital risk protection solutions. These provide real-time alerts and intelligence on new cyber threats, patterns and threat actors to give monitoring an outside-in perspective. The solutions include:
- Curated threat intelligence integration with Security Information and Event Management
- Credential leakage detection on dark web
- Phishing and brand abuse detection, including monitoring of phishing forums
- Monitoring public internet protocol, domain name system or application infrastructure
- Data-driven dynamic measurement of our cybersecurity performance using a leading security rating platform
All our remote employees must confirm secure access and usage by signing off on “end user guidelines for remote working”. We also limit the use of employees’ systems to required purposes, to maintain data privacy and confidentiality. Rigorous awareness campaigns, unique webinar series conducted by the InfoSec leadership, scenario-based training and simulated phishing testing are some of our other initiatives to enhance security and compliance in a virtual work environment.
Responsible Supply Chain and Supply Management Governance Framework
Responsible Sourcing is adopted as one of the key tenets of the ESG framework at WNS, which is visible in the goals of our Supply Management function. To this end, we have created the WNS Supplier Portal – an internally-developed, automated supplier management tool which was launched in 2020. The portal serves as a digital repository of over 3,000 vendors with integrated onboarding, risk assessment and disclosure management solutions.
The Supplier Portal is a meaningful step toward strengthening our KNOW YOUR BUSINESS PARTNER PROGRAM. It not only meets the regulatory requirements for anti-bribery and anti-money laundering laws but also empowers our suppliers with fair business practices toward vendor evaluation and selection, including equal opportunity, transparency and accountability.
It also allows suppliers to disclose their diversity status and sustainability initiatives to WNS’ Supplier Diversity Program at the time of their onboarding. As a digital repository of vendors, our portal allows third-party evaluation / validation and updating of the risk / diversity status of the vendors on a regular and ongoing basis.
Our Supplier Diversity Program (SDP) offers a competitive marketplace for deserving suppliers and promotes an environment of merit-based evaluation and selection by providing a level playing field for all the suppliers.
As part of this initiative, suppliers have the option to provide their diversity status if they fall in one or more of the following categories:
- Small business (indigenous, localized businesses)
- Under-represented business (owned and managed by disadvantaged communities)
- Distanced business (located in remote or tribal areas, with little or no access to commercial markets)
WNS’ association with our business partners is based on both operational excellence and a solid governance framework. The alignment of our suppliers with WNS’ ethical and governance standards is protected by our compliance charter, which is outlined in our Supplier Code of Conduct. This document highlights the mutual commitment we have toward the responsibilities and obligations for sourcing responsibly.