CHALLENGE
As a pioneer in the Robotic Process Automation (RPA) industry, Automation Anywhere Inc. is a rapidly growing unicorn. One of the key requirements of clients, investors and other stakeholders was to ensure the security of not just the product but also the entire IT operations.
Given the rapid growth of the organization, implementing security measures was proving to be a daunting task. The key requirements of the organization included information security, privacy and business continuity.
SOLUTION
A phased approach to the implementation of a security framework was adopted. The organization decided to first put in place an ISO 27001 based framework. Around this framework the necessary controls were implemented. In order to meet GDPR compliance, a privacy program was rolled out using a privacy management tool. Further, a business continuity program was implemented for key locations to enhance resilience.
RESULTS
Over a period of 3 years, the information security environment matured through the implementation of various policies and procedures. Further, compliance with privacy regulations like GDPR was achieved.
The organization also became resilient through the implementation of business continuity plans, functional recovery plans and a crisis management plan.
WHAT WORKED
Confidis follows a pragmatic approach to the implementation of security controls. We understand that businesses have pressing concerns to be taken care of on priority. Hence we recommended implementing controls in a staggered manner instead of a big bang approach. This ensured minimum disruption of work while at the same time addressing key business risks.
LOOKING AHEAD
Information security, privacy and business continuity are a journey and not a destination. Over the next few years Confidis will be working closely with the organization to further enhance and expand its various security frameworks, ensuring security without affecting the business objectives.
ISO 27001 Readiness
Confidis performs gap assessments as part of ISO 27001 readiness. Thereafter we help organizations draft information security policies and procedures and implement the necessary controls. We also perform the internal audits required by ISO 27001 and hand-hold clients in achieving ISO 27001 certification.
Business Continuity Management
We help organizations implement BCM in line with ISO 22301. This includes conducting Business Impact Analysis (BIA), Risk Assessment, Continuity Strategy, Crisis Management, BCM Exercises and BCM Auditing. Further, we also help organizations plan for IT Disaster Recovery.
GDPR Readiness
We conduct Data Processing Impact Analysis (DPIA) to understand the private data processed by the organization. Thereafter we help organizations implement privacy controls to ensure that they are compliant with regulations like GDPR and CCPA.
Assistance on Legal and Compliance
We assist clients in responding to information security, privacy and business continuity questionnaires. At times clients find it difficult to respond to technical queries related to compliance. With over 3 decades of experience in this space, we assist clients in responding to compliance queries in an appropriate manner.