Sequretek helps a financial firm fulfil its ISO27001:2013 initiative


About Customer

The client is a global analytics company that provides ratings, research, and risk and policy advisory services. Its majority shareholder is Standard & Poor's, a division of McGraw-Hill Financial. It is a provider of financial market intelligence.

Industry - Finance


Challenge

Information is the most important asset for any organization that wishes to maintain a competitive edge over its rivals. An efficient management system to secure the organization's information is therefore imperative, and building one is highly challenging.

To this end, the International Organization for Standardization (ISO) publishes an accepted standard, ISO27001, that defines the processes needed to fulfil this requirement. The client already had processes in place that met the old version of the standard, published in 2005. But technology evolves at a rapid pace, and it is important to keep up with the times. Sequretek helped the client streamline their processes to bring them up to date with the current standard, and thereby meet the organization's security objectives.


Solution

Sequretek followed the holistic PDCA (Plan, Do, Check, Act) approach to formulate an efficient and robust setup that would assist the organization in achieving the intended outcome of its information security management system. The existing policies were analysed and a thorough gap assessment was conducted to detect any lacunae in the on-ground processes. The policies and requirements constructed from the old standard (ISO27001:2005) were mapped against the current standard's requirements (ISO27001:2013).

After this activity, a risk management methodology was formulated to efficiently identify, analyze and evaluate the risks associated with each pertinent process. An effective risk treatment plan was drawn up, based on the standard's controls, to bring those risks within acceptable thresholds. An independent audit was then conducted to validate the robustness of the ISMS implementation, keeping objectivity and the maker-checker principle in mind.


Results

• Improved ability to meet customer expectations
• Enhanced ability to win large enterprise customers
• Strengthened management systems
• Embedded best practices
• Enhanced performance and reputation
• Sharper competitive edge
• Adherence to the most current and widely used international standard


Highlights

- Conduct a gap assessment of current operations against policies
- Document the transition from ISO27001:2005 to ISO27001:2013
- Streamline the risk management process
- Conduct an audit against the newly formed documentation and validate conformance to the international standard for information security management systems