Problem Statement
Customer wanted an independent and objective assessment of Information Security against ISO 27001:2013 ISMS, to understand the gaps and opportunities for enhancing the security posture.
Services Delivered
- Conducted a comprehensive risk assessment, identified risks across organization (Operations, Facilities, Human Resources, IT Infrastructure etc.) and provided recommendations
- Reviewed SDLC practices, IT infrastructure setup, regulatory requirements etc. and identified opportunities for improvement.
- Conducted Vulnerability Assessment and Penetration Testing (VAPT) for IT Infrastructure and Web Applications, identified vulnerabilities and provided recommendations for mitigation.
- Conducted a security review of the network and servers, identified gaps and provided recommendations.
- Conducted a gap assessment against ISO 27001:2013 Requirements
- Developed Policies, Procedures and supporting forms, templates as per ISO 27001 Requirements
- Developed implementation roadmap and provided Project Management Assistance
Value Provided
- Our independent and objective assessment provided visibility and insight into opportunities the client had to improve Information Security practices in accordance with industry trends and leading practices.
- We delivered a strategic portfolio of recommendations that the client could implement to transform the security culture and mature their current program capabilities according to their future state vision.
