Problem Statement
Customer pursued CSA STAR certification and a review of the Information Security program to address Investor and customer requirements on information security and cloud security.
Services Delivered
- Assessed the readiness and compliance to GDPR requirements for an Insurance company
- Studied the legal contracts to identify requirements on privacy and security controls
- Identified additional privacy and security control requirements mandated by GDPR, if any, to be incorporated into contracts
- Conducted a Gap Analysis on the existing data protection practices (documentation, process and technology controls) against GDPR and provide a Gap Assessment report.
- Provided recommendations for remediation for each identified gap
- Conducted Privacy Impact Assessment, identified personal information and corresponding impact due to a breach
- Developed policies and procedures to meet security requirements outlined by GDPR
- Developed training content on GDPR requirements
Value Provided
- Conducted a comprehensive assessment against GDPR requirements
- Identified risks and corresponding remediation measures required to ensure compliance with contractual obligations and internal requirements
- Developed policies and procedures to meet GDPR control requirements
- Provided guidelines and support as part of implementation support
- Increased awareness on GDPR requirements
