Problem Statement

Customer pursued CSA STAR certification and a review of the Information Security program to address Investor and customer requirements on information security and cloud security.

Services Delivered

• Assessed the readiness and compliance to GDPR requirements for an Insurance company
• Studied the legal contracts to identify requirements on privacy and security controls
• Identified additional privacy and security control requirements mandated by GDPR, if any, to be incorporated into contracts
• Conducted a Gap Analysis on the existing data protection practices (documentation, process and technology controls) against GDPR and provide a Gap Assessment report.
• Provided recommendations for remediation for each identified gap
• Conducted Privacy Impact Assessment, identified personal information and corresponding impact due to a breach
• Developed policies and procedures to meet security requirements outlined by GDPR
• Developed training content on GDPR requirements

Value Provided

• Conducted a comprehensive assessment against GDPR requirements
• Identified risks and corresponding remediation measures required to ensure compliance with contractual obligations and internal requirements
• Developed policies and procedures to meet GDPR control requirements
• Provided guidelines and support as part of implementation support
• Increased awareness on GDPR requirements