Information Risk Management Consulting

In an environment of escalating information security threats, technology outages, data integrity and quality issues, corporate governance concerns and privacy regulations, organizations need to be sure of the integrity, confidentiality, and availability of their paper & electronic information and underlying systems. This requires information handling, communication & storage systems that are properly deployed, monitored and controlled.
 
With increasing regulatory norms being enforced for companies, managing risks affecting confidentiality, integrity and availability of vital information assets has become one of the most important business drivers as well as a key differentiator from competition.

Information technology has evolved massively across industry and has transformed the way we work. At the same time, increased globalisation, technological advancements and continued innovation have brought in business risks that pose an inherent vulnerability to our business systems and control processes, along with the data privacy and business continuity challenges faced by corporates today. In order to manage and service clients, there is a pivotal need to plan and take control of our IT governance framework while delivering a world-class, uninterrupted value proposition to our customers.

We, at Riskpro, understand the criticality of, and the need for, the right IT risk management framework and methodologies, and hence we’re delighted to launch our IT Risk Advisory services in addition to our existing bouquet of Risk Advisory, Consulting, Training & Human Capital Services.
 

Service Offerings

We have modeled our service offerings around information risks, with a focus on service delivery, execution, and client satisfaction. We offer the following services:

1. Dipstick review

A dipstick review is a high-level look at the significant risks affecting information assets and a quick look at the controls. This review is suitable for a quick and dirty look at the low-hanging fruit or for setting context for a bigger review.
 

2. Information Security Audits

Based on the global control frameworks such as ISO 27001, COBIT & ITIL, the IS audit service is meant to augment the regular internal audits and provide expertise on information security controls. The audit covers regulatory compliances, adherence to internal policies and procedures, second party vendor audits, readiness checks for certifications, and compliances like Information Technology Act of 2000, UK’s Data Protection Act 1998, HIPAA, GLB & SOX. The audit findings help organizations in identifying the level of compliance and areas of improvement. 
 

3. ISO27001 Certification

ISO 27001 is a global standard for information security practices. Originating from the British standard BS1799, ISO 27001 certification goes beyond traditional IT security and also includes other important risk areas such as employee related risks (during hiring, employment, transfers and termination), Physical/environmental risks, compliance related risks, business continuity risks, senior management commitment, linkage to risk management etc. There are 133 specific controls across 11 domains and certification is given by the external certification body only against demonstrable implementation of controls.  

-ISO 27001 design & implementation consulting – ISO 27001 consulting including gap assessments, policy and procedure design, risk assessments, and information systems controls design and evaluation. We follow proven methodologies to enable your organization to get certified to the ISO 27001 standard and sustain the certification. We can also provide entire lifecycle support with periodic audits, assessments and risk analysis to ensure that after certification the client is ready for the periodic surveillance audits.

-Pre-certification assessments – A pre-certification audit is a high-level evaluation indicating where your company currently stands in compliance with specific standards (ISO 27001, BS 25999) before the main certification audit. This audit is conducted under certification audit conditions and non-conformances are identified for the client’s action. A pre-certification audit provides information as to how an organization’s current practices compare to the relevant certification requirements.

4. Business Continuity/Disaster Recovery/Crisis Management

Ensuring Business Resilience and providing immediate, accurate and measured response to emergency situations. Facilitate the recovery of Critical Business Process to reduce the overall negative impact on Business and revenue.

-Business Impact Analysis – identifying process criticalities, recovery priorities & resource requirement
-Testing services – testing of various intensities from a walkthrough, desktop scenario to full BCP test
-BCP plan development – Design and development of BCP plan so that BCP strategies & tactics are in sync with business objectives. We also provide entire BCP lifecycle support.

5. BS 25999 implementation services

BS 25999 is a formal standard released by the British Standards Institute and provides guidelines on the system, response strategies, maintenance, improvements, and implementation of business continuity plans. It demonstrates to the stakeholders such as your customers that you will meet expectations despite any business disruptions due to disasters. The certification is awarded only after there is evidence that all requirements in the standard are fulfilled. We provide implementation against standard and maintenance services.
 

6. Third party/outsourcing risk reviews

Review of risk management practices at your third party locations. Whether your third party service provider provides only services or holds data for you, regular risk reviews will mitigate the potential for breach of confidentiality, integrity & availability of information at service providers.
 

Our team

Our team has fully qualified Information Security Professionals with Certified Information System Auditors - CISA, Member Business Continuity Institute - MBCI, Certified Internal Auditors - CIA, and ISO27001 auditors. Our team has worked with diverse BFSI firms in India, US and UK, with strong implementation experience in ISO 27001 certification, compliance frameworks satisfying UK’s Data Protection Act 1998, UK FSA’s Treating Customers Fairly, BCP mandates, US HIPAA and GLB as well as SEC regulations.

More Info: 
Manoj Jain: 9833767114, manoj.jain@riskpro.in