With great trust comes great responsibility

Following the tenets of security by design, security is at the heart of how we build our products, secure your data and provide high resiliency. We have top-down governance and security in our DNA, so we constantly weigh our threat vectors and calibrate to strengthen our security posture. That way, we stay aligned with the changing business and technology landscape.

Tone at the top

The Information Security Steering Committee (ISSC), comprising executive leadership members, sets the tone and drives the agenda for information security practices.

Information Security Road-map

Ensure that the information security road-map is well thought through, factoring in all customer, regulatory and contractual requirements, and is adjusted for internal and external threat vectors.

Information Security Governance

On a half-yearly basis, the ISSC reviews information security initiatives, projects and the current security posture, and provides recommendations on the direction or resolves any roadblocks.
 

Information Security Expertise

The ISSC ensures that adequate expertise is available for all the information security initiatives and leverages the guidance of security mavens from internal and external sources.

Key Resource Allocation

Ensure that adequate people and financial resources are made available to various initiatives for effective execution.

Governance, Risk & Compliance (GRC)

Inclusive and transparent governance that is risk-aware and customer-centric.

Information Security Team

A dedicated group of information security professionals (GRC experts, Security Architects, Technical Security Engineers, Security Operations Specialists, and Security Advisors) handles information security duties. The information security team reports to the Chief Risk Officer (CRO) and takes care of newer initiatives and projects, ensuring steady-state compliance and delivering continuous improvements to the security posture.

Risk Management

The information security team assesses security risks annually and on an ongoing basis when major changes occur. The feeder channels factored into risk management include findings from audits, incidents, the changing threat landscape, and changing contractual / regulatory requirements.

Technical Security Compliance

Responsible for ensuring that information security requirements are adhered to in the application architecture and technology landscape. Application security assessments such as code reviews and Vulnerability Assessment and Penetration Testing (VAPT) are carried out on a periodic basis, both internally and by independent third-party accredited firms.

Audit and Compliance 

Freshworks is audited by independent audit entities, either from the internal organization or from independent external bodies.

Freshworks audits its products, processes, and vendors on a risk-based cadence such that all entities are audited at least once a year.

The audit findings are reported directly to the ISSC, and the Information Security team tracks and reports the remediation of the audit findings until their closure.

 

Policies and procedures

Policies and procedures in line with ISO 27001:2013 standards are defined and regularly audited. 

The processes are reviewed annually and any changes are communicated to all relevant employees.

Training and awareness

Requirements for responsible handling of data including any types of personal information are communicated to all employees as part of their induction into Freshworks.

Further, any changes to any of these requirements are communicated as and when they are rolled out, and an annual refresher training is conducted for all employees.

Confidentiality agreements

All employees sign an agreement of data confidentiality when they join Freshworks. Data includes all information, including any client information, that they become aware of.

Confidentiality agreements are also signed with all vendors or sub-processors, along with appropriate services contracts with them.
 

Code of conduct

Our Code of Conduct is a set of common rules and standards of ethics that every Freshworks employee is expected to follow in letter and in spirit.

These are basic principles of appropriate conduct that will bind every person in our company.

It sets out our values, responsibilities and ethical obligations. It is intended to act as guidance for our employees in handling difficult ethical situations related to the business - to do the right thing!

Freshworks takes its work culture and any deviation from it seriously. So employees are encouraged to speak up about any violations.