GramPro Business Services’ IT Governance, Risk and Compliance (GRC) Solution

Satish Ayyaswami

GramPro Business Services has launched an IT GRC solution for regulated entities via a suitable combination of IT consulting and open source solutions. It is aimed at helping organisations through a series of well-tested interventions and enabling them to receive ISO-27001 certification within 18 to 24 months. The solution levels are below:

Level 0
  • Develop IT risk registers, IT policies and standard operating procedures
  • Set up an IT steering committee and institute governance processes
  • Initiate an IT audit calendar. Ensure that the audit process is executed and observations are acted upon promptly.
Level 1
  • Set up tools for IT asset management, change management and helpdesk support.
  • Set up firewalls, antivirus solutions, network analyzers, security incident & event monitors
  • Implement incident management & disaster recovery solutions
  • Kickstart information security awareness training programmes
Level 2
  • App security advisory - set up identity & access management solutions, address the OWASP Top 10 risks, and encrypt data in transit and at rest
  • Set up endpoint security and endpoint management solutions.
  • Design data classification policies and implement tools to enforce them
  • Perform server hardening & implement patch management solutions.
  • Institute a Network Operations Centre (NOC) and a Security Operations Centre (SOC).
  • Define data contracts and set up data governance processes as per local data protection laws.
Level 3
  • Train IT personnel on ISO-27001 standards & processes
  • Perform a gap analysis by working along with a certified ISO-27001 auditor
  • Design solutions for fixing the gaps and implement the same.
  • Provide all the necessary documentation to support receiving the certification.

GramPro Business Services has helped several banks and non-bank financial institutions (NBFCs) secure their IT infrastructure in the last few years. Our infrastructure & security team comprises young and seasoned security engineers capable of attending to challenges unique to each institution.

Satish Ayyaswami is GramPro Business Services’ special advisor. The article originally appeared on TechAdvisory for Indian Businesses.