After the discovery assessment, the organization is convinced about the need to change the way they handle information assets. The information security framework is based on the ISO 27001 standards and is executed in a modular approach which enables the customer to select the areas they want to address immediately.

The framework is designed according to the requirements of ISO 27001. It addresses all the elements of the information eco-system i.e. People, Process, Technology and Third Parties and is divided into two phases that is Design of the framework and Implementation.

Design Phase:
The following are the activities carried out during the Design Phase:

	Recommendations for Physical and Environmental Security improvement
	Setting up of the Information Security Organization structure
	Asset Classification Assistance
	Risk Analysis
	Risk Mitigation Options
	Generation of Policies and Procedures
	Technology Device Reconfiguration
	Training

Implementation Phase:
Most challenging part of the information security initiative is the implementation of the policies, procedures and controls. The importance granted to this decreases over the period of time due to the business priorities. Mahindra Special Services Group provides implementation assistance to tide over the difficulties faced during the implementation and hand holds the organization towards self-sustenance, by setting up Help Desk within the organization. Implementation Assistance consists of the following activities:

	Briefing to the key personnel in the organization
	Addressing the issues during roll out
	Conversion of Policies and Procedures to action lists
	Monitoring and reporting of the implementation
	Internal Audits and training to audit team
	ISO 27001 Pre certification Audits
	Assistance during third party certification audit

The human centric approach with the process interlocks adopted by Mahindra Special Services Group ensures that the organization goes through a transformation which results in the enhanced protection to information assets.