GramPro Business Services has launched an IT GRC solution for regulated entities via
a suitable combination of IT consulting and open source solutions. It is aimed at
helping organisations through a series of well-tested interventions and enabling
them to receive ISO-27001 certification within 18 to 24 months. The solution levels
are below:
Level 0
- Develop IT risk registers, IT policies and standard operating procedures
- Set up an IT steering committee and institute governance processes
- Initiate an IT audit calendar. Ensure that the audit process is executed and
observations are acted upon promptly.
Level 1
- Set up tools for IT asset management, change management and helpdesk
support.
- Set up firewalls, antivirus solutions, network analyzers, security incident
& event monitors
- Implement incident management & disaster recovery solutions
- Kickstart information security awareness training programmes
Level 2
- App security advisory: set up identity & access management solutions,
address the OWASP Top 10, and encrypt data in transit and data at rest
- Set up endpoint security and endpoint management solutions.
- Design data classification policies and implement tools to enforce them
- Perform server hardening & implement patch management solutions.
- Institute a Network Operations Centre (NOC) and a Security Operations Centre
(SOC).
- Define data contracts and set up data governance processes as per local data
protection laws.
Level 3
- Train IT personnel on ISO-27001 standards & processes
- Perform a gap analysis by working along with a certified ISO-27001 auditor
- Design solutions for fixing the gaps and implement the same.
- Provide all the necessary documentation to support receiving the
certification.
GramPro Business Services has helped several banks and non-bank financial
institutions (NBFC) secure their IT infrastructure in the last few years. Our
infrastructure & security team comprises young and seasoned security engineers
capable of attending to challenges unique to each institution.
Satish Ayyaswami is GramPro Business Services’ special advisor. The article originally
appeared on TechAdvisory for Indian Businesses.