Contact Us

About Tru BPO

Intelligent Business Process Solutions

Transform your operations with our comprehensive BPO services designed for modern businesses. We deliver scalable, efficient solutions that streamline your processes while maintaining the highest quality standards.

  • Business Operations
  • Customer Support
  • Revenue Lifecycle Management
  • Back Office Solutions
Learn More

About Tru Digital

Digital Innovation That Drives Results

Accelerate your digital transformation with solutions tailored to your business objectives. Our team combines strategic thinking with technical excellence to deliver digital experiences that engage customers, optimize operations, and drive sustainable growth.

  • SEO & Analytics
  • Paid Media Campaigns
  • Web & App Development
  • Content & Creative
Learn More

Tru Performance Information Security Management System Policy (ISMS Policy)

Effective Date: 21 May 2025

Version: 1.0

 

1. Purpose

The purpose of this Information Security Management System (ISMS Policy) Policy is to protect the information assets of Tru Performance from all threats, whether internal or external, deliberate or accidental, to ensure business continuity, minimize business risk, and maximize return on investments and business opportunities.

 

2. Scope

This policy applies to all employees, contractors, and third-party users of information systems and services within Tru Performance. It encompasses all aspects of information security related to the digital marketing, IT development, and BPO services provided to our clients, especially those based in North America and India. It also encompasses all data processing activities, including those involving personal data of individuals in jurisdictions governed by CCPA and GDPR, irrespective of where the data is processed.​

 

3. Information Security Objectives

Confidentiality

Ensuring that information is accessible only to those authorized to have access.

Integrity

Safeguarding the accuracy and completeness of information and processing methods.

Availability

Ensuring that authorized users have access to information and associated assets when required.

Privacy

Protecting personal data in compliance with applicable data protection laws and ensuring individuals’ privacy rights are respected.​

 

4. Policy Framework

Risk Management

Regularly assess risks to the company’s information assets and implement appropriate measures to mitigate identified risks.

Employee Training and Awareness

All employees will receive regular training on information security and its importance.

Access Control

Access to information will be controlled on the basis of business and security requirements.

Incident Management

Information security incidents will be reported and investigated to prevent recurrence.

Compliance

Compliance with legal, statutory, regulatory, and contractual requirements will be ensured.

Data Protection

Implement measures for data minimization, purpose limitation, and uphold data subject rights such as access, rectification, and erasure.

Third-Party Management

Conduct risk assessments for third-party service providers and establish data processing agreements to ensure compliance with data protection obligations.​

 

5. Responsibilities

Management Commitment

Senior management is committed to supporting ISMS initiatives to improve the overall security posture of Tru Performance.

Employee Responsibility

All employees are responsible for adhering to the ISMS policy in their day-to-day operations.

ISMS Team

An ISMS team shall be responsible for implementing, maintaining, and improving information security.

 

6. Legal Compliance and Audits

  • Tru Performance is committed to complying with all applicable legal, statutory, and regulatory requirements related to information security.
  • The company is willing to undergo periodic audits to demonstrate compliance and meet the information security obligations outlined in client contracts.

 

7. International Data Transfers

Tru Performance will ensure compliance with international data transfer regulations when handling client data across borders. The company will implement appropriate measures such as Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs), to protect the privacy and security of client data in accordance with relevant laws and agreements.

 

8. Dispute Resolution

Dispute resolution mechanisms related to information security matters will be established, clarifying how disputes will be resolved between Tru Performance and its clients.

 

9. Records Retention and Training Records

Tru Performance will maintain comprehensive records related to information security incidents, risk assessments, and compliance activities to meet potential legal and regulatory requirements. Tru Performance will maintain records of employee training on information security, useful for demonstrating compliance during audits or legal inquiries.

 

10. Definitions

Key terms used in this policy include:

  • – Information Assets: Any data, system, or process valuable to the organization.
  • – Security Incident: A breach or potential breach of confidentiality, integrity, or availability of data.
  • – Authorized Users: Individuals granted access to systems based on defined roles.
  • – Personal Data: Any information relating to an identified or identifiable natural person.
  • – Processing: Any operation performed on personal data, including collection, use, disclosure, or deletion.
  • – Data Subject: An individual whose personal data is processed.
  • – Controller/Processor: Roles defined under GDPR for entities that determine the purpose and means of processing or process data on behalf of another party.

 

11. Data Subjects Rights

Tru Performance acknowledges and upholds the rights of data subjects under applicable data protection laws, including:

  • – Right to Access
  • – Right to Rectification
  • – Right to Erasure
  • – Right to Restrict Processing
  • – Right to Data Portability
  • – Right to Object
  • – Right not to be subject to automated decision-making, including profiling Data subject requests will be addressed in a timely and lawful manner, and processes will be established to verify identities and document responses.

 

12. Updates to Legal Requirements

Tru Performance will monitor and assess changes to legal and regulatory requirements related to information security and data protection. The teams responsible will evaluate implications and update the ISMS policy as needed.

 

13. Data Breach Notification

In the event of a data breach, Tru Performance will follow breach notification procedures in accordance with applicable laws. Affected data subjects and regulatory bodies will be notified within the timelines stipulated under the applicable laws.

 

14. Review and Evaluation

This policy will be reviewed annually or following significant changes to the organization or the risk environment, to ensure its continuing suitability, adequacy, and effectiveness.