Following the tenets of security by design, security is at the heart of building our products, securing your data, and providing high resiliency. We have top-down governance, and security is in our DNA: we constantly weigh our threat vectors and calibrate to strengthen our security posture as the business and technology landscape changes.

Tone at the top

The Cybersecurity and Privacy Steering Committee (CPSC), comprising executive leadership members, sets the tone and drives the agenda for information security practices.

Information Security Roadmap

Ensure that the information security roadmap is well thought through, factors in all customer, regulatory, and contractual requirements, and is adjusted for internal and external threat vectors.

Information Security Governance

Every quarter, the CPSC reviews information security initiatives, projects, and current security posture and provides recommendations on the direction or resolves any roadblocks.

Information Security Expertise

The CPSC ensures that adequate expertise is available for all information security initiatives and leverages the guidance of security mavens from internal and external sources.

Key Resource Allocation

Ensure that adequate people and financial resources are available to various initiatives for effective execution.

Governance, Risk & Compliance (GRC)

Inclusive and transparent governance that is risk-aware and customer-centric.

Information Security Team

A dedicated group of information security professionals (GRC experts, Security Architects, Application and Cloud Security Engineers, Security Operations Specialists, and Security Advisors) handles information security duties. The information security team reports to the Chief Information Security Officer (CISO), who is responsible for the protection of Freshworks data and systems from cyber threats.

Risk Management

The information security team assesses security risks annually and on an ongoing basis when major changes occur. The feeder channels factored into risk management include findings from audits, incidents, the changing threat landscape, and changing contractual/regulatory requirements.

Technical Security Compliance

Responsible for ensuring that information security requirements are adhered to in the application architecture and technology landscape. Application security assessments such as code reviews and Vulnerability Assessment and Penetration Testing (VAPT) are carried out periodically, both internally and by independent, accredited third-party firms.

Audit and Compliance 

Freshworks audits its products, processes, and vendors on a risk-based cadence such that all entities are audited at least once a year.

The audit findings are reported directly to the CPSC, and the Information Security team tracks and reports the remediation of the findings until their closure.

Freshworks is also audited by independent audit entities for ISO 27001, SOC 2, and other compliance standards at least once a year.

 

Policies and procedures

Policies and procedures in line with ISO 27001:2013 standards are defined and regularly audited.

The processes are reviewed annually and any changes are communicated to all relevant employees.

Training and awareness

Requirements for responsible handling of data, including any type of personal information, are communicated to all employees as part of their induction into Freshworks.

Further, any changes to these requirements are communicated as and when they are rolled out, and annual refresher training is conducted for all employees.

Confidentiality agreements

All employees sign a data confidentiality agreement when they join Freshworks. Data includes all information, including any client information, that they become aware of.

Confidentiality agreements are also signed with all Freshworks vendors or sub-processors, along with appropriate service contracts.
 

Code of conduct

Our Code of Conduct is a set of common rules and standards of ethics that every Freshworks employee is expected to follow in letter and spirit. These basic principles of appropriate conduct will bind every person in our company.

It sets out our values, responsibilities, and ethical obligations. It is intended to guide our employees in handling challenging ethical situations related to the business - to do the right thing!

Freshworks takes its work culture and any deviation from it seriously. So, employees are encouraged to speak up about any violations.