
Consulting
We offer consulting on the following areas. If desired by the client, we also assist them to go for certification of the ISO standards through our empanelled certification partners. As part of consulting, we provide handholding to the personnel identified by the client organization during implementation so that maintenance of certifications can be managed in-house without any external dependency.
ISO 27001
ISO/IEC 27001 is the best-known standard in the family, providing requirements for an information security management system (ISMS). An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It covers people, processes and IT systems by applying a risk management process, and it can help small, medium and large businesses in any sector keep their information assets secure. Today, across the globe, Information Technology is the backbone of businesses of all sizes. ISMS implementation enhances control effectiveness and improves the ROI on security investments.
ISO 22301
Business Continuity Management Systems (BCMS) - The requirements of ISO 22301 are general and are intended to apply to all organizations, regardless of their type, size and nature of business. Compliance with the standard helps the organization plan its business continuity so that operations can be resumed without delay in case of a disruption. Testing the Business Continuity Plans at periodic intervals helps the organization avoid the surprises that delay business resumption during a disruption. The test reports are documented and recorded for fine-tuning the BC Plan to make it more effective.
ISO 20000
ISO/IEC 20000 has been developed to:
- Meet the requirements of a larger international audience
- Provide a common understanding of the management of IT services worldwide
The certification covers all the facets of IT service management that account for 80% of the total IT spend of various organizations. The standard is issued in 2 parts and enables all service providers to understand the delivery process for enhancing the service offered to their clients, internal as well as external.
HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for sensitive patient data protection. Companies that deal with protected health information (PHI) must have physical, network, and process security measures in place and follow them to ensure HIPAA compliance. Covered entities, meaning anyone providing treatment, payment, and operations in healthcare, and business associates, meaning organizations that have access to patient information and provide support in treatment, payment, or operations, must meet HIPAA compliance. Other entities, such as subcontractors and any other related business associates, must also be compliant.
SOC1 & SOC2
Service Organization Controls (SOC) aims to protect the interest of the user entity while receiving services from the service organisation.
SOC 1 is aimed at assuring a user entity that there are adequate internal controls over financial reporting (ICFR).

SOC 2 aims to protect the interest of the user entity while receiving services from the service organisation. This is assured by the attestation provided by a Certified Public Accountant (CPA) in issuing a Type 1 report or a Type 2 report. A Type 1 report is an attestation of control testing at a point in time, whereas a Type 2 report results from testing controls over a period of time.
IT Governance
Small organizations that are security conscious but lack in-house expertise can opt for General IT Control implementation in their organization. These IT controls are derived from various international best practices and tailored to suit the client organization. This helps the organization maintain its digital hygiene and embed information security practices in its business operations.

As part of this service, we help the organization develop its information security policies and procedures, set up information security objectives, and establish the process for managing and maintaining information security in the organization.
Business Continuity
The recent COVID-19 pandemic has ruined economies across the globe. Organizations that had not planned their business continuity lost their business due to the prolonged lockdown.

We help our clients identify the critical business operations that need to be continued in case of disruption. We also help our clients plan their business continuity and conduct periodic business continuity exercises to tackle unexpected business disruptions.
DR Testing
Disaster Recovery testing should be conducted on an ongoing basis by organizations that are technology intensive. Usually, organizations have a disaster recovery plan but often fail to update it regularly. This gives the organization false assurance, and in case of a technology failure they will not be able to resume operations within the pre-determined RTO/RPO. We help clients conduct DR testing periodically to eliminate evolving discrepancies in their DR plans.
IT Systems Testing
Vulnerability Assessment and Penetration Testing needs to be conducted at periodic intervals to check the security posture of the business and to address new threats emerging from time to time.

Similarly, Web Application and Mobile Application security assessments need to be done annually or whenever major changes are made to those applications.
We offer these services through our partners.