Re-enforce information security risk improvements to adhere to global accreditation
The client is under constant pressure from regulators and business stakeholders to demonstrate a structured approach towards information and cyber security risks. The information security division has worked with various technology functions and business groups to improve information security control implementation through continuous risk assessment of applications and processes. The structured approach has been laid out to ascertain the information and cyber risk posture. It is constantly evaluated and subjected to internal and external validations to ensure the risks are managed through its life cycle. The client also looks to constantly engage with key business stakeholders to drive information and cyber risk mitigation and improved reporting.
PwC’s community of solvers collaborated with the client to design, implement and operate a robust strategy to solve the information and cyber security challenges of today and prepare for the future. We had helped the client develop the information security management system (ISMS) framework and risk assessment methodology over the years, as well as engaged to help in maturing the information and cyber risk management process, thus managing and minimising related risks for the enterprise. As part of the programme, we annually conduct a risk assessment for hundreds of applications and processes across ten locations in India and overseas. Over the years, we have delivered and sustained the envisaged outcomes. We continue to engage in the programme to discuss issues relevant to current times.
The framework was built to help the client with:
We can proudly say that we don’t just find answers; we never stop looking for them. By bringing together our human ingenuity, passion and experience with the latest technology, we prepared the client for a globally accepted certification covering multiple applications and processes for several locations across India and overseas. We also improved awareness and instilled a cyber risk culture for a client operating in a susceptible industry. Some of our key achievements include:
Built a comprehensive control library
Although the scope of certification increased, it significantly reduced overall risks and issues observed by the certification agency. Additionally, the time required for certification-ready units was reduced, thus saving cost and facilitating sustained outcomes.
Opting for PwC has helped the client with:
Building trust and getting best-in-class cyber risk guidance on demand.
Integrated internal risk management activities with the cyber risk programme.
Compliance with federal cyber security frameworks.
Ensuring the leadership gets access to various risk views and dashboards.
Managing Director, PwC