Our Facility

EP’s home office is located in Nashville, Tennessee.  EP’s processing center is located in New Krishna Park, New Delhi in a modern facility with security around the perimeter of the building, as well as security within the building (ID checks upon entry and card access).  Our facility conforms to stringent security measures, including meeting ISO 27001 standards and biometric access, access card, CCTV monitoring, and round-the-clock physical security.  Here is a summary of the security features that the EP India office implements:

Physical Security Features

  • EP India owns and uses power generators to continue work during power outages and failures.
  • Employees are not allowed to use writing utensils of any kind while in the office. No writing utensils or paper are on employee desks or near workstations.
  • Employees do not have access to printing devices of any kind. Management exclusively has access to the only common network printer.
  • Physical access to the office is restricted by swipe cards. This access is provided to monitor and control entry and exit of employees as well as other persons.
  • Employees are not allowed to keep their mobile phones or bags with them. Cell phones, purses, and any other personal items must be left in a locker while they are at their desks.
  • Employees are not allowed to carry anything in or out of the office.
  • Background checks are completed on each employee before hiring.
  • EP India uses a shredder to dispose of all papers that contain or may contain personal or sensitive information.
  • Random physical searches of employees’ persons and workstations are routinely done.
  • The server, CCTV feeds, and computer control equipment are kept in a locked main room inaccessible to employees.

 

Technical and Electronic Security Features

  • CCTV cameras are in position to capture each and every activity of employees.  Management is constantly monitoring camera feeds.
  • Recordings from the CCTV cameras are kept for at least 6 months.
  • USB ports on all employee computers and laptops are blocked to prevent data theft or misuse.
  • No CD burners or other types of media that would allow those with access to workstations to copy and remove data from our facility are available.
  • FileZilla, a file transfer protocol application, is used for secure file sharing between the employees and the office IT management.
  • Management changes all passwords for FileZilla every 90 days.
  • Data shared through FileZilla is encrypted (128-bit encryption) during file sharing.
  • All employees use only a wired CAT-6 Internet connection.  Wi-Fi connections are not used except on special occasions, and only then by upper management upon an e-mail sent in advance to IT management.
  • Social media and any type of messenger applications are prohibited and blocked, except where such social media applications are required to be utilized as a part of a contract to perform services.  Any type of messenger software included on employee laptops has been uninstalled.
  • EP India utilizes a parental control software, a “keylogger” application, on each system to monitor day-to-day activities of the employees on the system.
  • EP India severely restricts Internet access and only allows our team to access websites that EP management deems necessary, as required for providing its services.  All web traffic is restricted by a digital and physical firewall and monitored regularly.
  • Documents are shared and transferred via Citrix ShareFile unless the customer insists on their own file sharing method.  ShareFile is both HIPAA and HITECH compliant.  EP’s information is stored on HIPAA-dedicated servers, and EP has executed a Business Associate Agreement (“BAA”) with Citrix ShareFile. More information can be found at the website: https://www.sharefile.com/
  • All incoming and outgoing e-mails which are received or sent by the employees are monitored.
  • Outgoing e-mails are restricted to specific domains (e.g., outgoing mail to personal e-mail services like Yahoo! or Gmail is not allowed).
  • EP India uses a professional e-mail hosting service which provides unique incoming and outgoing e-mail servers to prevent any risk of misusing e-mails.
  • Administrators have the ability to shadow employees’ work sessions, and do so, to monitor activity.
  • Employees are required to keep any sensitive data file on the system’s desktop.  The employees’ laptops are audited to confirm this restriction.
  • All login information is controlled by the team manager in India.  The manager will log users on each morning to the accounts they need to access to complete their work for the day.
  • All workstations (approx. 130) are checked once a month to maintain the security level of the systems.
  • Administrative privilege hierarchies are in place.  All employees work as “Standard Users” on respective workstations, not having access to full administrative privileges.  Installations of any unauthorized software or application are prohibited and prevented.
  • A virtual support portal is in place to maintain a record of errors that occur on the system and steps that are taken to resolve any issues.
  • Data is backed up routinely.  EP India management implements proper back-ups in two different drives which are stored within the office and in a location outside the office as well.
  • Virtual registers are maintained to record assets going out and coming in.
  • Employees use dual monitors to work for efficiency and accuracy.
  • EP India recommends that its customers provide it with unique and restricted usernames and passwords to their accounts.
  • A password policy for logging in to workstations is in place; passwords for workstations change every 90 days.
  • Optimization of each system is scheduled on a monthly basis.
  • Proper anti-malware applications are used to protect all computer systems.

Administrative Safeguards and Employee Safety Features

  • EP India has a policy of “clear desk and clear screen.”  Employees must log out of workstations when they are not present at workstations.
  • Laptops are owned by Employee Pooling.  No personal devices are used for work in our facility.
  • All employees have signed non-disclosure agreements.
  • HIPAA and privacy law training is given to all employees upon hiring and periodically thereafter to each and every employee, to make them aware of best practices and the implications of misusing data.
  • Company leaders are trained on emergency response and fire safety drills.
  • The office contains all the amenities an office in the U.S. has, including air-conditioning.
  • Fire extinguishers and first aid kits are kept in the office.
  • Cell phones, recording devices, and any other communication media are prohibited while employees are on the work floor.
  • Management changes all passwords every 90 days for all devices.
  • Data retention and deletion policies are clearly defined.
  • EP India runs a proper attendance system utilizing biometric data to track the working hours of each employee.
  • EP India employs a security guard with a metal detector at the main entrance of office premises who keeps all the records for each visitor.
  • EP India implements protocols for guests that visit the EP India office.  All guests are required to go through a security checkpoint at the main security counter and are instructed to wait in a separate waiting area until the guest can be escorted by EP India management.
  • EP India company policy prohibits any alteration of customers’ files or documents.
  • EP India has a privacy liability insurance policy with Allied World Assurance Company that covers privacy and network security, notification and credit monitoring, crisis management, and data forensics.  In case of breach, EP India is to contact its insurance provider who will provide it with immediate and ongoing instructions.
  • If any employee is absent, no other EP India employee is allowed to use the absent employee’s workstation without permission from IT management.
  • Employees are not allowed to keep any important, sensitive, or personal data on their workstations.
  • EP India has implemented a monitoring system, both online and offline. All systems are put under online as well as offline monitoring before being handed out to employees for work.
  • EP India has implemented monitoring systems for network monitoring. EP India receives two kinds of feedback from this monitoring:
    • Real time monitoring.
    • Time lapse (every two hours) monitoring.