Making Sense of Compliance Requirements for SMEs
CHALLENGE
Our Client is a boutique actuarial company that provides services to large organizations. However, of late these organization had been demanding that Thanawala comply with stringent information security guidelines.
Given that the Client was a small organization it was finding difficult to address this requirement.
SOLUTION
As a part of the compliance project Confidis assessed the requirement specified by various clients of our Client. After gathering a list of requirements, it was decided to implement an ISO 27001 framework to address compliance needs.
This involved performing a gap assessment to identify security controls to be implemented. This was followed by documenting information security policies and procedures and implementation of controls.
We also over saw monitored implementation of physical and logical controls in the environment. In addition, we also trained staff on information security.
RESULTS
After implementation of controls and documentation, the information security maturity improved significantly. The Client was able to address client queries of its information security posture much more effectively.
WHAT WORKED
Given that the Client was a small organization Confidis followed a pragmatic approach towards compliance. It helped tailor a program that was appropriate for the size of the organization, without burdening it with compliance responsibilities. Confidis also took a hands-on approach to implement physical and logical security controls.
ISO27001 Readiness
Confidis performs gap assessments as part of ISO 27001 readiness. Thereafter, we help organizations to draft information security policies and procedures and implement necessary controls. We also perform internal audits required by ISO 27001 and handhold clients in achieving ISO 27001 certification.