Problem Statement

Customer wanted an independent and objective assessment of Information Security against ISO 27001:2013 ISMS, to understand the gaps and opportunities for enhancing the security posture.

Services Delivered

• Conducted a comprehensive risk assessment, identified risks across organization (Operations, Facilities, Human Resources, IT Infrastructure etc.) and provided recommendations
• Reviewed SDLC practices, IT infrastructure setup, regulatory requirements etc. and identified opportunities for improvement.
• Conducted Vulnerability Assessment and Penetration Testing (VAPT) for IT Infrastructure and Web Applications, identified vulnerabilities and provided recommendations for mitigation.
• Conducted a security review of the network and servers, identified gaps and provided recommendations.
• Conducted a gap assessment against ISO 27001:2013 Requirements
• Developed Policies, Procedures and supporting forms, templates as per ISO 27001 Requirements
• Developed implementation roadmap and provided Project Management Assistance

Value Provided

• Our independent and objective assessment provided visibility and insight into opportunities the client had to improve Information Security practices in accordance with industry trends and leading practices.
• We delivered a strategic portfolio of recommendations that the client could implement to transform the security culture and mature their current program capabilities according to their future state vision.