ISMS Framework

After the discovery assessment, the organization is convinced about the need to change the way they handle information assets. The information security framework is based on the ISO 27001 standards and is executed in a modular approach which enables the customer to select the areas they want to address immediately.

The framework is designed according to the requirements of ISO 27001. It addresses all the elements of the information eco-system i.e. People, Process, Technology and Third Parties and is divided into two phases that is Design of the framework and Implementation.

Design Phase

The following are the activities carried out during the Design Phase:

  • Recommendations for Physical and Environmental Security improvement
  • Setting up of the Information Security Organization structure
  • Asset Classification Assistance
  • Risk Analysis
  • Risk Mitigation Options
  • Generation of Policies and Procedures
  • Technology Device Reconfiguration
  • Training

Implementation Phase

Most challenging part of the information security initiative is the implementation of the policies, procedures and controls. The importance granted to this decreases over the period of time due to the business priorities. Mahindra Special Services Group provides implementation assistance to tide over the difficulties faced during the implementation and hand holds the organization towards self-sustenance, by setting up Help Desk within the organization. Implementation Assistance consists of the following activities:

  • Briefing to the key personnel in the organization
  • Addressing the issues during roll out
  • Conversion of Policies and Procedures to action lists
  • Monitoring and reporting of the implementation
  • Internal Audits and training to audit team
  • ISO 27001 Pre certification Audits
  • Assistance during third party certification audit

The human centric approach with the process interlocks adopted by Mahindra Special Services Group ensures that the organization goes through a transformation which results in the enhanced protection to information assets.