/dq/media/agency_attachments/UPxQAOdkwhCk8EYzqyvs.png)
Follow Us/dq/media/post_banners/wp-content/uploads/2015/06/scsb-security-lead.png)
There is little doubt about the fact that data is the most valuable asset for any organization, regardless of its size. Add to this, with targeted and sophisticated attacks on the rise, data security has emerged as a top priority area for all enterprises. This is epecially true for the IT-ITeS sector as it deals with a large amount of critical and confidential client data. Given this, Evalueserve, which is a global specialist in knowledge processes with a team of more than 2,600 professionals worldwide, was looking at establishing robust data security practices within the organization. Evalueserve’s business model involves providing a variety of services to clients while delivering the highest possible levels of security and availability. However, the company was facing several challenges with the current information security management system in place. Some of the challenges included separate and complex
risk assessment processes for BCM and information security, semi-automated and time consuming process of getting acceptance from users for various policies in the system, issues in managing business continuity, tracking contractual and client compliance, among others.
STRENGTHENING SECURITY PRACTICES
To address these challenges, Sachin Jain, CIO, Evalueserve embarked on a project to strengthen security practices within the organization. He and his team evaluated a number of solutions. “We took a decision to go for a governance, risk, and compliance tool. The platform allows to adapt each module to our requirements, build customized workflows, processes, and integrate with other systems,” informs Jain.
GRC platform supports business-level management of enterprise governance, risk management, and compliance (GRC) with the help of modules like enterprise management, risk management, business continuity management, policy management, and compliance management.
Evalueserve partnered with RSA, IBM, and KPMG for consulting and implementation.The primary objectives of this project were: Integrated risk assessment for information security and business continuity risks; single repository for all ISMS and BCM related information; automation of various processes including policy management, internal audit and contractual compliance; dashboard view for the management; and establishing clear linkage between enterprise processes, risks and controls.
The idea was to get a centralized system which will not only increase efficiency of the system but to also have abetter visibility of the security framework. The USP of the project was that Evalueserve could get it right in the first attempt. “Very few players in our industry have the capability of GRC and getting right in the first attempt is always a challenge which we managed to sail through without any issue,” asserts Jain.
KEY BENEFITS
With the implementation of the GRC platform, real-time dashboards and reports are now available to the management, clients, and other key stakeholders in the information security management system.
The project has resulted in a number of benefits for Evalueserve, including increased effeciency and reduced errors. “Automation of various processes including policy management, internal audit, and contractual compliance is helping internal functions to reduce human errors and increase efficiency. We can also integrate risk assessment for information security and business continuity management, thus saving time for risk owners,” asserts Jain.
In addition, a single repository for all ISMS and BCM related information enables quick retrieval of information. The company is also able to do health assessment of various controls of standards such as ISO 27001 in real time. With the implementation of the GRC platform, Evalueserve has gained visibility into key risks, which help
manage budgets and has significantly improved decision making capability. Approach and methodology for risk assessment has been simplified to enable all key members of the security group and risk owners to conduct regular assessment anytime based on their needs and changes in the system without any dependency on the core security team. Further, policy management has reduced the workload of HR and compliance while providing them bettervisibility in the system.