Risk & Compliance Advisory
Risk is defined as any untoward event that has the potential to impact the organization. We use various methodologies, such as asset-based risk assessment, OCTAVE, Failure Mode and Effects Analysis (FMEA) and others, to assess the risk to the IT environment. We at CyberSRC provide a holistic view and manage IT risks end to end for an organization, covering the following landscape:
Enterprise Risk - Our hybrid approach (top-down and bottom-up) helps organizations evaluate their current IT risks at the business unit (BU) level. The reporting system (MIS) is a useful tool for informed decision making by the organization's management.
Technology Risk - We assess the organization's current 'as-is' technology environment against current best practices and standards. The report identifies technology risks such as obsolete systems or devices. Because technology changes daily and continually introduces new risk, regular risk reviews and mitigation are the best way to ensure the risks are managed.
Cyber & Digital Security Risks - Cyberspace and digital systems are more prone to risk owing to their highly exposed attack surface. We at CyberSRC understand the process and technical risks in these domains. Our risk management includes assessing risks to various technologies and tools such as IoT, AI/ML and blockchain, and devising risk mitigation strategies. Refer to our Cyber Security section for a detailed elaboration on technical risk assessments.
We at CyberSRC have experience in end-to-end consulting across the privacy and data protection landscape. We conduct various industry workshops and training on privacy laws such as GDPR, HIPAA and other global privacy laws.
We cover the data protection domain, including but not limited to:
Gap assessment (data discovery, flow mapping and classification)
Data subject access rights
Data protection impact assessment
Infrastructure security control review
Contract/agreement reviews (binding agreements and model clauses)
Third-party agreement reviews
Privacy Risk Management Framework
DPO (Data Protection Officer) as a Service
CyberSRC has experienced consultants who provide guidance on end-to-end SOX compliance requirements. Organizations are required to keep a check on the design and operating effectiveness of their internal control environment. We provide consultants and infrastructure to test the controls on a regular basis and deliver test results and reports to the organization with recommended action plans. We have rich consulting experience in management testing of IT general controls (ITGCs) and application controls. We can draft control descriptions, test scripts and test reports based on requirements. Read on to find out more about SOX testing requirements.
Section 302: SOX Section 302 relates to a company's financial reporting. The act requires a company's CEO and CFO to personally certify that all records are complete and accurate. Specifically, they must confirm that they accept personal responsibility for all internal controls and have reviewed these controls in the past 90 days. These internal controls include a company's information security infrastructure insofar as its accounting and reporting is performed electronically; in other words, for almost all modern businesses there is a clear mandate to ensure high security standards are enforced.
Section 404: Section 404 stipulates further requirements for the monitoring and maintenance of internal controls related to the company’s accounting and financials. It requires businesses to have an annual audit of these controls performed by an outside firm. This audit assesses the effectiveness of all internal controls and reports its findings back directly to the SEC.
CyberSRC assists organizations in managing their contractual, regulatory and legal compliance obligations falling under the ambit of the IT landscape. Our methodologies are based on industry best practices and the applicable compliance requirements. The following are some of the assessment and compliance review services we provide for organizations, including but not limited to:
India IT Act compliance assessment & audit
RBI Guidelines for NBFCs & Banking
DoT (Department of Telecom) guidelines
MAS (Monetary Authority of Singapore) guidelines
Healthcare standards: HIPAA and HITRUST compliance
Contract Review for organizations
Our experts in GRC solutions provide functional and technical consultancy services for organizations. We provide development support for platforms such as RSA Archer using SDLC methodologies such as Agile, Waterfall and others.
The following are some of the modules we have worked on and provide end-to-end support for as administrator and/or consultant:
Threat & Vulnerability Management
Business Continuity Management
We have a dedicated pool of consultants and associations with certification bodies to provide an end-to-end solution for consultancy and certification in the following domains:
Information Security (ISO/IEC 27001:2013)
Quality Management (ISO/IEC 9001:2015)
Service Management (ISO/IEC 20000:2011)
Business Continuity (ISO/IEC 22301:2012)