Security

At People2.0, security and privacy are foundational to our business. 
Our Information Security Management System spans five ISO 27001 certifications worldwide, supported by a defense-in-depth architecture, rigorous testing, and continuous monitoring to protect and respond proactively. 

Dedicated Information Security & Privacy Team 👥 

• We maintain a centralized Information Security & Privacy organization led by our Global Chief Information Security & Privacy Officer , who oversees strategy, governance, policy, and cross-regional alignment.
  • This team works across regions, business units, and technology stacks, and collaborates with legal, compliance, risk, and operations to ensure security and privacy are embedded in every aspect.
  • The team is responsible for policy development, risk management, audit coordination, breach response planning, vendor security evaluation, awareness programs, and continuous improvement initiatives. 

1. Global Assurance Through ISO 27001 🏛️

• People2.0 holds ISO 27001 certification in North America, the UK, the EU, India, and Australia, anchoring our security practices to a globally accepted standard.
  • Our ISMS is designed to address the full suite of ISO 27001 controls (Annex A domains), with regular internal and external audits to validate and adjust compliance.
  • Across geographies, we apply a unified risk assessment, control implementation, monitoring, and continuous improvement model. 

2. Defense-in-Depth via Tier-1 Tooling + Expertise 🛡️

We pair best-in-class technology with human oversight, testing, and readiness: 

• Endpoint / Host Protection: SentinelOne EDR + Windows Defender use AI, behavior analysis, threat prevention, and automated containment 

• DNS / Web Filtering: Cisco Umbrella defends at the edge of domain and routable threats 

• Email & Phishing Protection: Cloudflare Area1 screens incoming email for phishing, BEC, and targeted attacks 

• Identity & Access Management: OKTA enables centralized identity control, MFA, single sign-on, and least-privilege enforcement 

• Application / Code Security: Snyk is embedded in our SDLC pipelines to identify vulnerabilities in dependencies, containers, and code 

• Penetration Testing: We engage internal and external pentesters to probe applications, APIs, and infrastructure—simulating adversaries to uncover weaknesses 

• SIEM / Analytics: Rapid7 processes event logs, correlates anomalies, and triggers alerts across platforms 

• Anti-Ransomware / AI Defense: Halcyon AI adds behavior-based detection and protection against ransomware and sophisticated threats 

• 24×7 Monitoring & Oversight: Two global Security Operations Centers vigilantly monitor and escalate incidents based on defined protocols 

• Incident Response & Forensics: We retain S-RM DFIR to assist in containment, root-cause investigation, and remediation when needed 

By layering AI, automation, intelligence, human analysts, and testing, we reduce dependence on any single control. 

3. Governance, Process & Oversight 🧭

• Our ISMS is overseen by senior leadership and internal security governance committees to ensure alignment with corporate risk and regulatory mandates.
  • We maintain a robust risk management program, continuously assessing, prioritizing, treating, and monitoring security risks across business units, regions, and technology domains.
  • All employees, contractors, and third-party vendors must complete role-based security awareness training, phishing simulations, and secure coding practice refreshers. 
  • Policies, procedures, and standards are versioned and reviewed regularly, with updates driven by evolving threats or regulatory change. 
  • We enforce third-party security assessments and vendor due diligence; external systems and partners must meet our security criteria before integration. 

4. Transparency, Accountability & Trust 🔍

• We maintain audit-ready logs, summarized security metrics, and certification evidence, shareable with clients under appropriate confidentiality or contractual terms.
  • If a security incident occurs, we follow a documented incident response playbook, engage DFIR support, notify stakeholders, and conduct root-cause and lessons-learned analyses.
  • Independent audits, external certifications, and external pentesting / forensic partnerships bolster objective oversight and accountability. 

5. What This Means for Clients 🤝

• Consistent Protection: Wherever your data resides, it’s subject to the same baseline controls and oversight.
  • Layered & Tested Defense: Multiple, overlapping controls help reduce single points of failure.
  • Proactive Testing & Hardening: Penetration testing uncovers weaknesses before adversaries do. 
  • Resilience & Response: AI + automation + human SOCs + forensic support give us capacity to detect, contain, and recover. 
  • Assured Confidence: ISO certifications, audit reports, and external testing provide tangible evidence for your security and compliance teams. 
  • Managed Risk, Not Perfect Guarantees: We don’t promise zero risk, but we commit to deploying industry-leading tools, rigorous controls, continuous testing, and transparency.