Chapter 5: Building a security-conscious company

In the previous chapters, we explored the measures we've taken to safeguard our IT environment and data. Yet, we recognize that fostering a security-conscious company is crucial, given the constant technological advancements. In addition to comprehensive protection of our IT environment, we’re committed to instilling a culture of security amongst all of our employees. Here's how we're achieving that:

Security and privacy awareness trainings

Every year, we conduct security and privacy awareness (SPA) trainings to educate employees on crucial aspects of IT security and data protection. These modules contain extensive learning material on the following:

  • Informative videos about core concepts of security and privacy
  • Interviews with our IT leaders and in-house security experts
  • Review of our security posture in the past year
  • Our goals for the next year in terms of enhancing data protection
  • Updates on security and privacy standards across the world
  • Security-conscious practices that our employees can follow

We follow up each training with an assessment in which every employee receives a score. Employees retake the tests until their reporting managers deem their scores to be satisfactory.

Apart from these yearly assessments, we also conduct competitions themed around data security and privacy so that the concepts reach more employees.

Security audits

In addition to regular internal audits, we conduct thorough security audits to evaluate the security posture of each team. Security audits are mandatory in the following scenarios:

  • Developing a new feature in our offerings
  • Making changes to existing features
  • Introducing a new IT process
  • Discontinuing an existing IT process
  • On-boarding a new vendor
  • Introducing policy changes

Multiple other scenarios require security audits. Our security audits team makes such decisions on a case-by-case basis.

Bug bounty program

We collaborate with the security community outside ManageEngine by inviting them to let us know when they've found a potential security vulnerability. We provide monetary rewards to vulnerability reporters based on the severity, impact, and exploitability of the reported vulnerability.

Vendor assessments

We’ve fortified our third-party risk management program by conducting meticulous assessments of our vendors. We delve deep into their infrastructure, capabilities, security posture, and adherence to stringent security standards. This program extends not only to our vendors, but also to our valued partners.

Certifications

Our robust Information Security Management System (ISMS)—based on the ISO standards—addresses our security objectives based on the risks and mitigation strategies involving all stakeholders. We proudly hold ISO 27001, ISO 27017, and ISO 27018 certifications, affirming our adherence to these standards.

In addition, we maintain compliance with esteemed standards such as SOC-1, SOC-II, PCI, and other relevant certifications. We also have certifications specific to our products. Explore our comprehensive list of certifications here, showcasing our commitment to maintaining industry-leading security practices.

Conclusion

In the ever-expanding realm of threats, we understand that absolute security remains an elusive goal. Forts can be breached, and no company can confidently claim invulnerability. However, at ManageEngine, we’ve embraced a different approach. We’ve built a company where security reigns supreme, and where protecting our assets and customer data is at the core of everything we do.

This e-book serves as a testament to our unwavering commitment to prioritize security in every facet of our IT environment. It showcases the comprehensive measures we have implemented and the robust frameworks we’ve established. But our journey does not end here.

In the future, we’ll continue to innovate and develop technologies that bolster the security of our environment. We will persist in our mission to instill a culture of security consciousness within every employee and vendor, empowering them to be vigilant and proactive in their roles. While we cannot promise impenetrability, we can promise an unwavering dedication to forging a security-conscious company.

As our frameworks, methods, and principles strengthen in the future, we may present you with another e-book, sharing further insights and advancements. Because at ManageEngine, we believe that by standing united in our commitment to security, we can navigate the ever-changing landscape of threats and emerge stronger than ever before.
