Integrated ISO 20000 & ISO 27001 Implementation

Projects

Industry: Financial Services

Organization

India’s fastest-growing financial services group. It offers an integrated suite of financial services including asset management, life and health insurance, lending, broking, investment banking, and wealth management. Headquartered in New Delhi, it is listed on the Bombay Stock Exchange (BSE) and National Stock Exchange (NSE) in India.

Context

To meet the obligation of third-party attestation of their security posture and reduce the risk associated with the highly sensitive financial data they process, this financial services firm decided to work with our consultants before their Initial Public Offering to position them for ISO 27001 certification. After due deliberation, it was envisaged as a route to improve the IT Service Delivery and support operations.
Regular Compliance Audits are being conducted by us.

Solution

The consultants worked closely with the IT Team to:

  • Reduce the costs associated with demonstrating conformity with existing, and presumed future, compliance requirements;
  • Simplify the process of managing and demonstrating compliance with legal and client-specific regulations, including the requirement for independent third-party attestation;
  • Improve the net security and service management level of the organization, which was known to be deficient in key areas, most notably controls over Personally Identifiable Information (PII); and
  • Adopt a fast-track approach to certification, with support from management.

Result

The ISO 27001 certification was achieved.

  • ISO 27001 & ISO 20000 Certification Reduced Compliance Costs and Risk
  • Clear Roadmap for Continual Improvements for:
    • Quantifiably Lower Risk
    • Increased Business Partner Trust
    • Simplified Compliance Management

Tighter Integration of Information Security Risk Management with the company’s Enterprise Risk Management Program.