Please detail your IP and Data Security policy. Whose property are the sources and software application resulted from nearshore/offshore projects?
According to our IP and Data Security policy, customers own all rights to the software developed nearshore or offshore and its sources. This is also specified in the nearshore/offshore development agreement. At your request, it is possible to remove all references to ROPARDO.
How do you treat confidential information disclosed during nearshore software development projects?
During the term of our Agreement and for up to 5 years afterwards, ROPARDO undertakes to prevent the unauthorized use or dissemination of any confidential information you provide us with.
Confidential information refers to all business or technical information that the customer clearly marks as confidential. It also means we receive, access or view it in writing, visually, electronically.
Confidential information does not include any data or information that:
- we had already known before you disclosed it;
- is or has become generally known to the public in other manners than through disclosure by us;
- was provided to us by third-party sources who owe no confidentiality liability to you
We will disclose confidential information if the Romanian governing law requests it.
What policy do you have regarding marketing rights?
We deeply appreciate approvals from customers for using their commercial identity elements, such as logo and general public information already available on the customer’s website. Such information will be used on our company and product presentation websites and/or PPTs as reference for potential new assignments.
If such is the customer’s will, we agree to send them a copy of the envisaged publications before any such information is distributed.
Marketing rights are considered given free of any charge and for an unlimited period of time, during the execution and after termination (in any way) of the contractual relationship.
What Intellectual Property policies does ROPARDO have?
ROPARDO safeguards customer data by means of the data protection policies which ensures that the information managed by the company shall be appropriately protected against breaches of confidentiality, failures of integrity, or interruptions to the availability of that information. The provisions of the security policy refer to:
- information, data, regardless the form, such as hard-copy, digital, video, and audio formats;
- computing hardware and software systems which access and manipulate information;
- mobile devices and teleworking;
- physical work environment;
- network systems;
- personnel awareness, education, and training
Regularly, we review and update our IP and data security policy. This way, we ensure its conformity with changes to the law, organizational policies, or contractual obligations in force. ROPARDO maintains appropriate contacts with other organizations, law enforcement authorities, regulatory bodies, and network and telecommunications operators in respect of its information security policy. A process of risk assessment shall be carried out for each system to identify the probability and impact of security failures to determine the appropriate levels of security measures applied.
What IP and Data Security practices do you have?
Intellectual property protection is highly important for us which is why we take thorough measures to protect intellectual property and trade secrets.
First, we determine with our customers and partners what content is considered to be intellectual property or trade secret. Then, we prepare the documentation in which we include: IP policies, roles and responsibilities, process-level controls and procedural, physical and technical controls to minimize risk to a level acceptable by the management. Further on, we train our employees, customers and partners on intellectual property and trade secrets as well as on measures we take to ensure protection thereof.
Intellectual Property and trade secrets are all subject to strict security guidelines within the company, in both electronic and printed format. Our Clear Desk Policy ensures that all sensitive/confidential hard-copy material is kept secured when it is not in use or the employee leaves his or her workstation.
We strongly discourage employees and service providers working for/with ROPARDO from violating IP regulations by concluding Non-Disclosure Agreements. They are bound to observe the same level of restrictiveness and specificity as those required by our most demanding customers.
Generally, we have a well-documented procedure that limits access to company data and information through physical and digital rights. We perform frequent off-site backups so that data is stored in a secure location. Only key personnel have root access to any system.
How do you ensure security when you need to connect to the customer’s systems?
We connect to the customer’s systems using VPN and firewall restrictions. Only the VPN client is installed on the developer’s computer. No VPN access is allowed in the Ropardo network to protect all the data that is subject to non-disclosure agreements.
How do you deal with shared information?
Project related information is shared on File Server and only specialists involved in the project get read- or write- permission.
What does ROPARDO local security consist of?
We take care of our local security mainly by ensuring the following:
- a strict control of the in/out access;
- well defined permissions for each user role;
- antivirus which runs on all workstations and on the server(s);
- a data backup plan;
- mandatory and automatic updating of the operating systems with the latest security patches;
- mandatory use of complex passwords;
- automated locking of workstations;
- video surveillance;
- card based access to facilities