- About Us
- Business Intelligence
- Corporate Governance
- Enterprise Risk (ERM)
- Internal Audit
- Information Risk
- Fraud Risk
- Operational Risk
- Reputation Risk
- SSAE 16 Reporting
- Political Country Risk
- Security Consulting
- Service Brochures
- Human Capital Services
- Training Calendar
- Risk Webinars
- Women Safety Training
- Contact Us
Information Risk Management Consulting
In an environment of escalating information security threats, technology outages, data integrity and quality issues, corporate governance concerns and privacy regulations, organizations need to be sure of the integrity, confidentiality, and availability of their paper & electronic information and underlying systems. This requires information handling, communication & storage systems that are properly deployed, monitored and controlled.
With increasing regulatory norms being enforced for companies, managing risks affecting confidentiality, integrity and availability of vital information assets has become one of the most important business drivers as well as a key differentiator from competition.
We have modeled our service offerings around the information risks with focus on service delivery, execution, and client satisfaction. We offer following services:
1. Dipstick review
Dipstick review is a high level look at the significant risks affecting information assets and a quick look at the controls. This review is suitable for a quick and dirty look at the low hanging fruits or for setting context for a bigger review.
2. Information Security Audits
Based on the global control frameworks such as ISO 27001, COBIT & ITIL, the IS audit service is meant to augment the regular internal audits and provide expertise on information security controls. The audit covers regulatory compliances, adherence to internal policies and procedures, second party vendor audits, readiness checks for certifications, and compliances like Information Technology Act of 2000, UK’s Data Protection Act 1998, HIPAA, GLB & SOX. The audit findings help organizations in identifying the level of compliance and areas of improvement.
3. ISO27001 Certification
ISO 27001 is a global standard for information security practices. Originating from the British standard BS1799, ISO 27001 certification goes beyond traditional IT security and also includes other important risk areas such as employee related risks (during hiring, employment, transfers and termination), Physical/environmental risks, compliance related risks, business continuity risks, senior management commitment, linkage to risk management etc. There are 133 specific controls across 11 domains and certification is given by the external certification body only against demonstrable implementation of controls.
-ISO 27001 design & implementation consulting – ISO 27001 consulting including gap assessments, policy and procedure design, risk assessments, information systems controls design and evaluation. We follow proven methodologies to enable your organization get certified to ISO 27001 standard and sustain the certification. We can also provide entire lifecycle support with periodic audits and assessments, risk analysis to ensure that after certification the client is ready for the periodic surveillance audits.
-Pre-certification assessments - A pre-certification audit is a high level evaluation indicating where your company currently stands in compliance with specific standards (ISO 27001, BS 25999) before the main certification audit. This audit is conducted under certification audit conditions and non-conformances are identified for the client’s action. Pre-certification Audit provides information as to how an organization’s current practices compare to the relevant certification requirements
4. Business Continuity/Disaster Recovery/Crisis Management
Ensuring Business Resilience and providing immediate, accurate and measured response to emergency situations. Facilitate the recovery of Critical Business Process to reduce the overall negative impact on Business and revenue.
-Business Impact Analysis – identifying process criticalities, recovery priorities & resource requirement
-Testing services – testing of various intensities from a walkthrough, desktop scenario to full BCP test
-BCP plan development – Design and development of BCP plan so that BCP strategies & tactics are in sync with business objectives. We also provide entire BCP lifecycle support.
5. BS 25999 implementation services
BS 25999 is a formal standard released by the British Standards Institute and provides guidelines on the system, response strategies, maintenance, improvements, and implementation of business continuity plans. It demonstrates to the stakeholders such as your customers that you will meet expectations despite any business disruptions due to disasters. The certification is awarded only after there is evidence that all requirements in the standard are fulfilled. We provide implementation against standard and maintenance services.
6.Third party/outsourcing risk reviews
Review of risk management practices at your third party locations. Whether your third party service provider provides only services or holds data for you, regular risk reviews will mitigate the potential of breach of confidentiality, integrity & availability of information at Service Providers.
Our team has fully qualified Information Security Professionals with Certified Information System Auditors - CISA, Member Business Continuity Institute - MBCI, Certified Internal Auditors - CIA, ISO27001 auditors. . Our team has worked with diverse BFSI firms in India, US and UK with strong implementation experience with ISO 27001 certification, compliance frameworks satisfying UK’s Data Protection Act 1998, UK FSA’s Treating Customers Fairly, BCP mandates, US HIPAA and GLB as well as SEC regulations