After
the discovery assessment, the organization is
convinced about the need to change the way they
handle information assets. The information security
framework is based on the ISO 27001 standards
and is executed in a modular approach which enables
the customer to select the areas they want to
address immediately.
The framework
is designed according to the requirements of ISO
27001. It addresses all the elements of the information
eco-system i.e. People, Process, Technology and
Third Parties and is divided into two phases that
is Design of the framework and Implementation.
Design Phase: The following are the activities carried out
during the Design Phase:
Recommendations for Physical
and Environmental Security improvement
Setting up of the Information Security
Organization structure
Asset Classification Assistance
Risk Analysis
Risk Mitigation Options
Generation of Policies
and Procedures
Technology Device Reconfiguration
Training
Implementation
Phase:
Most challenging part of the information security
initiative is the implementation of the policies,
procedures and controls. The importance granted
to this decreases over the period of time due
to the business priorities. Mahindra Special Services
Group provides implementation assistance to tide
over the difficulties faced during the implementation
and hand holds the organization towards self-sustenance,
by setting up Help Desk within the organization.
Implementation Assistance consists of the following
activities:
Briefing to the key personnel
in the organization
Addressing the issues during roll out
Convertion of Policies
and Procedures to action lists
Monitoring and reporting
of the implementation
Internal Audits and training
to audit team
ISO 27001 Pre certification
Audits
Assistance during third
party certification audit
The human centric
approach with the process interlocks adopted by
Mahindra Special Services Group ensures that the
organization goes through a transformation which
results in the enhanced protection to information
assets.
