Following the tenets of security by design, security is at the heart of how we build our products, secure your data and provide high resiliency. We have a top-down governance and security in our thinking DNA that we constantly wade our threat vectors and calibrate to strengthen our security posture. That way, we align to the changing business and technology landscape.
The Information Security Streering Commitee (ISSG) comprising of the executive leadership members sets the tone and drives the agenda for information security practices.
Ensure that the information security road-map is well thought through factoring all customer, regulatory and contractual requirements and is adjusted for internal and external threat vectors.
On a monthly basis, the ISSG takes stock of the various information security initiatives or projects and provide recommendations on the direction or resolves any roadblocks.
Ensure that adequate expertise is available for all the information security initiatives. The ISSG provides the required technical inputs and ensures that Freshworks leverages from the guidance of necessary security mavens from internal and external sources.
Ensure that adequate people and financial resources are made available to various initiatives for effective execution.
Inclusive and transparent governance that is risk aware and customer centric.
The information security team reports to the ISSG and takes care of newer initiatives and projects, ensuring compliance on steady-state and delivering continuous improvements to the security posture.
The information security team assesses security risks annually and on an ongoing basis when major changes occur. The various feeder channels that are factored for risk management includes findings from audits, incidents, changing threat landscape, and changing contractual / regulatory.
Responsible for ensuring that information security requirements are adhered to in the application architecture, and technology landscape.
Freshworks gets audited by independent audit entities either from the internal organization or from independent external bodies.
Freshworks audits its products, processes and vendors based on a risk based cadence such that all entities are audited at least once in a year.
The audits findings are reported directly to the ISSG and the Information Security team tracks and reports the remediation of the audit findings till its closure.
Policies and procedures in line with ISO 27001:2013 standards are defined and regularly audited.
The processes are reviewed annually and any changes are communicate to all relevant employees.
Requirements for responsible handling of data including any types of personal information are communicated to all employees as part of their induction into Freshworks.
Further any changes to any of these requirements are communicated as and when it is rolled out and an annual refresher training is conducted for all employees.
All employees sign an agreement of data confidentiality when they join Freshworks. Data includes all information including any client information that they become aware of.
Confidentiality agreements are also signed with all its vendors or sub-processors along with appropriate services contracts with them.
Our Code of Conduct is a set of common rules and standard of ethics that every Freshworks employee is expected to follow in letter and in spirit.
These are basic principles of appropriate conduct that will bind every person in our company.
It sets out our values, responsibilities and ethical obligations. It is intended to act as a guidance for our employees for handling difficult ethical situations related to the business - to do the right thing!
Freshworks takes its work culture and any deviation from it seriously. So employees are encouraged to speak up about any violations.