SECURITY

At Supalogix, security is our top priority—whether it concerns our customers’ data or our own team members’ information. We tailor our security measures to each client, implementing customized technical and organizational controls for every project. Below, we outline the data protection steps taken by our Corporate Security and Technology Departments.

ADMINISTRATIVE/MANAGEMENT SECURITY

Data Organization & Classification

We categorize all data systematically to enhance both its usability and security. This approach ensures efficient protection, quick retrieval, and easier management. Proper data classification plays a crucial role in risk management, compliance, and overall data security. The classification procedure is thoroughly documented in high-level policies.

Need-to-Know Principle

Access to information is strictly granted based on job function—regardless of security clearance or other approvals. Employees only have access to the data necessary for their roles. Any request for additional access or elevated authority requires approval from Corporate Security.

Incident Response Plan

A dedicated Incident Response Team (IRT) handles security incidents swiftly and continuously monitors ongoing cases. Incidents are identified through our IPS/IDS and DLP systems or flagged by management. Each incident follows a structured lifecycle—from detection to resolution—where countermeasures are documented to prevent recurrence.

Business Continuity & Disaster Recovery

To minimize the impact of disruptions, we have established Business Continuity and Disaster Recovery (BCDR) protocols. These measures ensure swift recovery from outages, reduce the risk of data loss, and safeguard our reputation. The documented procedure is activated only in the event of significant incidents.

Risk Assessment

Our risk assessment process helps the Corporate Security and Technology Departments identify potential threats to the organization and its departments. We conduct annual risk assessments across all departments to ensure operations remain secure and resilient against potential breaches or leaks.

Staff Verification & Onboarding

Before onboarding, every candidate undergoes a thorough background check to validate their professional history and work experience. This verification process also includes a legal background check to ensure compliance, particularly for roles involving highly sensitive projects.

Security Awareness & Training

All Supalogix employees receive ongoing security training tailored to their roles. Our awareness program includes structured training sessions, phishing simulations, policy updates, and regular security briefings. Each team member has a personalized risk score and dashboard, monitored by Corporate Security to ensure continuous compliance and vigilance.

LOGICAL SECURITY

Intrusion detection and prevention systems (IDS/IPS) monitor our corporate networks for malicious activity or unauthorized access and take action to prevent it.

RBAC

Role-based access control (RBAC) aids in restricting system access to authorized users and in implementing mandatory access control or discretionary access control.

DATA ENCRYPTION IN TRANSIT AND AT REST

Encryption protects your data if communications are intercepted while data moves between your site and the cloud provider or between two services, and also protects data while it is stored for retrieval.

MFA

Multi-factor authentication

Stronger Security – Multi-factor authentication offers superior protection compared to static passwords and single-factor authentication methods.

Regulatory Compliance – Implementing multi-factor authentication helps organizations meet industry compliance requirements.

Enhanced User Experience – Eliminating the reliance on passwords enhances customer experience. By prioritizing seamless authentication, we improve both security and usability.

PASSWORD POLICY

Our company has a strict password policy. All passwords used by employees are stored in the corporate password manager.

DLP

Data loss prevention identifies and helps prevent unsafe or inappropriate sharing, transfer, or use of sensitive data.

PHYSICAL SECURITY

CCTV and security cameras – we use CCTV when an incident occurs, to monitor the perimeter of our offices, and to prevent future incidents, warding off potential external and internal threats.

We have structured our company premises into designated security zones, each with specific access controls and safeguards to ensure the protection of all facilities. All Supalogix information is processed exclusively within these specially secured areas. Access to high-value, highly sensitive, or critical assets follows a strict hierarchical zoning system and operates on a least-privilege basis.

Only Supalogix team members are permitted entry to our premises, with all external access strictly restricted. Entry is managed through biometric scanning on specialized devices, and every team member is issued a personal badge for visual identification within Supalogix premises.

RISK COMPLIANCE

1. Data Security & Privacy Compliance
Adherence to data protection laws such as GDPR, CCPA, HIPAA, PCI DSS (depending on industry and location).
Encryption and secure storage of customer data to prevent breaches.
Restricted access to sensitive information based on role-based permissions.

2. Call Monitoring & Recording Compliance
Ensuring compliance with laws that regulate call recording (e.g., obtaining customer consent).
Secure storage and limited access to recorded calls to protect privacy.
Regular audits of call logs to prevent misuse or breaches.

3. Identity & Access Management
Implementation of multi-factor authentication (MFA) for accessing call center systems.
Strict role-based access control (RBAC) to limit exposure to sensitive data.
Regular employee access reviews and deactivation of former employees’ credentials.

4. Fraud Prevention & Detection
Real-time fraud monitoring tools to detect suspicious activities.
Implementation of Know Your Customer (KYC) verification processes.
Employee training on recognizing and reporting fraudulent activities.

5. Regulatory & Legal Compliance
Adhering to telemarketing laws such as TCPA (Telephone Consumer Protection Act) and Do Not Call (DNC) regulations.
Ensuring fair debt collection practices if applicable (FDCPA – Fair Debt Collection Practices Act).
Compliance with industry-specific regulations (e.g., HIPAA for healthcare-related call centers).

6. Business Continuity & Disaster Recovery
Backup and disaster recovery plans to ensure service continuity in case of cyberattacks or natural disasters.
Redundant data storage and failover systems to minimize downtime.
Regular testing and updating of disaster recovery procedures.

7. Employee Security Training & Compliance Awareness
Regular security awareness programs to educate staff on phishing, social engineering, and data protection.
Compliance training tailored to industry regulations and company policies.
Continuous monitoring and assessment to ensure adherence to compliance protocols.

In alignment with the international ISO/IEC 27001:2013 standard, we continuously enhance our security framework to ensure compliance and system integrity. To successfully pass audits and maintain the highest level of security, we regularly update our security policies, conduct company-wide security training, and implement advanced incident monitoring systems. This proactive approach allows us not only to meet ISO/IEC 27001:2013 requirements but also to deliver the most secure services possible.

PCI-DSS Certification
Along with ISO/IEC compliance, our company also adheres to the international PCI DSS standard. Since our support teams handle sensitive customer data, we implement the highest security measures to prevent data leaks or corruption. To maintain our commitment to security, we undergo third-party audits and complete the PCI DSS assessment, confirming our status as a PCI DSS Level 1 Service Provider.