Our Security & Privacy Program

April 12, 2021

PartnerHero places the highest value on security and privacy within our company, and we recognize how critically important it is to the partners we work with.

Our partners include health care companies, financial services companies and others that require specialized and robust security and privacy policies. To that end, some of our sites are HIPAA compliant and we are in the final stages of gaining ISO 27001 certification.

Whether you’re currently partnering with us, or considering the possibility, our vision is to promote transparency around our program both for our benefit and yours - to promote our continuous improvement in security while assuring you that we’re taking those necessary steps to protect your data.

Security

What are PartnerHero’s security standards?

We build our security standards around the ISO 27001 information security framework. Following a well-established, international framework ensures that we are hitting our marks and including all the requirements of a comprehensive information security program. Utilizing a recognized standard also helps us easily become an extension of your security program, no matter where you operate globally.

Our program and policies include components such as:

  • A set of global security policies that govern secure data handling and operations for our organization.
  • Regular security and privacy risk assessments performed jointly between our Data Protection Officer and each of our partner teams, enabling risk identification and continuous improvement.
  • An extensive onboarding and security & privacy awareness program for our associates, including a wealth of educational materials that are publicly available and growing over time.
  • A robust access management process that includes single sign-on and multi-factor authentication for our own infrastructure, formal change controls (more on this below) and tight communication with your team whenever we have personnel changes.
  • Controls designed to ensure a secure workspace, whether our associates are working in one of our office spaces or are part of our Remote+ program. This includes secured entry with access control and cameras, biometrics, VPN, and more.
  • A cloud-centered set of apps and tools which enables quick team relocation for business continuity flexibility.
  • An incident response protocol that enables us to respond quickly to security and privacy issues, wrapping your team into the communication channel when needed.


My company has special guidelines for data handling. Can PartnerHero incorporate these?

Absolutely. Part of our onboarding process includes a thorough review of your guidelines and procedures - your dedicated program manager will work to adopt and synthesize those procedures into your PartnerHero team’s day-to-day operations. Whether it’s a communications process or a tools workflow, we’ll integrate it as our own and train our associates appropriately on it.

How does PartnerHero interact with my data?

Because we’re a BPO services company, we’re all about “plugging into” your team and adopting your processes and tools as our own. This includes any specific procedures you might have in place as part of your own security and privacy operations.

Each of our partner teams is led by a program manager who will work closely with you during onboarding, and translate your requirements across to the PartnerHero leads and associates that will become part of your team.

When it comes to expertise within the tools and applications you use, we integrate your materials into our own training program, and even create new materials with you if there’s a need for enhancement.

How do PartnerHero associates handle my data?

We work with partners from many different markets, and that means handling sensitive data governed by multiple regulatory categories. Our associates are trained to properly handle payment card and personal financial information (PCI-DSS), personal health data (HIPAA) and sensitive personal data governed under privacy regulations such as GDPR and COPPA.

Our data protection policy and associated training is designed for our globally-distributed workforce - it establishes a unified data handling standard that will translate to any of our partners’ environments.

How does PartnerHero handle associate onboarding and offboarding, and access changes?

PartnerHero maintains a formal change management process for onboarding, role-changing and offboarding our associates - we have a documented standard with distributed responsibilities for each part of the process. Role management and access reviews are part of this standard as well - ensuring that access remains appropriate over time is a key component in access management best practices.

Because we plug into our partners’ apps and tool stacks, it’s also important that our access management process includes timely communication with you when we experience a change on our side. Whether it’s a simple email to you when we have a staffing change planned, or a trigger within your tools-based notification pipeline … we’ll customize our process to suit your needs.

How does PartnerHero ensure security on an ongoing basis?

At the time of onboarding, and then once annually on an ongoing basis, we conduct Security Risk Assessments across all our partners. The assessments involve sitting down with the team leadership and asking a series of probing questions to understand how data is handled on their teams. Where does the data live? Where does it go? How does it move? How is it accessed? We then put together a report with recommendations on how to improve data protection.

For many of our smaller programs, these types of impact assessments are not something they’ve been able to invest in in the past, and it is a chance for us to educate them around best practices. Our larger partners appreciate the transparency and diligence that this reporting entails.

How does PartnerHero secure its offices?

Our offices incorporate physical security controls such as locked entryways accessible through proximity badge or biometrics, and security cameras on entrances, exits and other critical points within our spaces. Some of our offices also incorporate checkpoints with security personnel if deemed appropriate.

How does PartnerHero secure its infrastructure (computers, network, etc.)?

At PartnerHero, we’re all about security and flexibility. There are inherent benefits to being able to operate from anywhere - to quickly adapt and continue working with our partners when business continuity situations arise. To this end, we leverage the cloud for most of our apps and tools, and secure access to those tools with robust identity management (single sign-on and multi-factor authentication).

The server architecture for our own SaaS products (such as Aprikot) rests in the cloud as well - we leverage a stateless server approach for our application structures.


Can I review PartnerHero’s security policies? And how do I share my security concerns with PartnerHero?

If you’re a partner already working with us, reach out to your PartnerHero program manager, who can connect you with our Data Protection Officer. If you’re thinking about the possibility of partnering with us, reach out to us here and we’ll be in touch promptly. Security is a responsibility we all shoulder together, so we’ll be looking forward to talking with you about it and working through any questions or concerns that you may have.

Privacy

Tell me more about the personal data PartnerHero collects from my company.

We collect only a minimum of personal data from your business specifically - data we need to keep in touch, send you newsletter updates, and work with you on a daily basis. We also have a few web-based tools we’ve developed that may collect some additional anonymized data from you if you elect to use them.

For more information about what we collect and to learn more about our privacy practices in general, we encourage you to review our privacy policy here.


My business processes the personal data of individuals. How does PartnerHero support my privacy responsibilities?

Like we mentioned above, we plug directly into your team and adopt the personal data handling practices, procedures and training that you already have in place. Combining your practices with PartnerHero’s own holistic data protection program ensures that we’ll be ready and able to responsibly interface with the various types of personal data your business collects.

Even if you’re unsure of the ins-and-outs of handling particular types of personal data, we’ll be able to step up and offer best-practices suggestions to you, sourced from our own privacy program and experience.


What privacy standards does PartnerHero adhere to?

At its core, PartnerHero’s privacy program is built upon the standards and requirements laid out by the EU’s General Data Protection Regulation (GDPR). Because the GDPR is the most evolved and stringent privacy regulation in the world, and it aligns with our philosophy of “privacy by default”, we incorporate these regulatory standards into our approach and provide privacy training to our associates derived from its recommended practices.

Adherence to GDPR standards ensures that we have a great privacy base in place, which we can expand to include additional requirements applying to various other countries around the world - wherever you may be processing your personal data.


Can PartnerHero assist my company in handling personal data requests?

Yes, we can. We’re aware of the various types of personal data requests that can come from individuals - from simple inquiries all the way up through “right to be forgotten” deletion requests. If you work with sensitive personal data within your business, and you’re required to address these requests regularly from individuals, we’re able to communicate the requests up to you as we discover them in our supporting workflows.

If you’re unsure about how to respond to these requests or you’re looking for some best-practice guidance around them, we’re more than happy to offer our expertise.


How can I ask further questions about PartnerHero’s privacy program?

Get in touch with us. 

Any requests or questions will be received by our Data Protection Officer, who will reach out to you directly to answer them and pull in additional folks to help if there are any follow-up needs. Whether it’s providing you information or working with you to tackle the particular privacy challenges your company is facing - we’re here to support you and get you the information you need.

