GramPro IT Governance, Risk and Compliance (GRC) solution
GramPro Business Solutions, based out of Mannuthy, Kerala, is launching an IT GRC solution for regulated entities via a suitable combination of IT consulting and open-source solutions. The solution is aimed at helping organizations through a series of well-tested interventions and enabling them to receive ISO27001 certification within 18 to 24 months. The solution levels are listed below.
Level 0
Develop IT Risk Register, IT Policies and Standard Operating Procedures
Set up IT Steering Committee and institute governance processes
Initiate an IT Audit Calendar. Ensure that the audit process is executed and observations are acted upon promptly.
Level 1
Set up tools for IT Asset Management, Change Management and Helpdesk Support.
Set up Firewalls, Antivirus Solutions, Network Analyzers, Security Incident & Event Monitors
Implement Incident Management & Disaster Recovery Solutions
Kickstart Information Security Awareness Training Programs
Level 2
App Security Advisory: set up Identity & Access Management solutions, address the OWASP Top 10, and implement encryption for data in transit and data at rest.
Set up Endpoint security and Endpoint management solutions.
Design Data Classification policies and implement tools to enforce them
Perform Server Hardening & implement Patch Management solutions.
Institute a Network Operations Centre (NOC) and Security Operations Centre (SOC)
Define Data Contracts and set up Data Governance Processes per local data protection laws.
Level 3
Train IT Personnel on ISO27001 standards & processes
Perform a gap analysis by working along with a certified ISO27001 auditor
Design solutions for fixing the gaps and implement the same.
Provide all the necessary documentation support towards receiving the certification.
The GramPro team has helped several banks & NBFCs secure their IT infrastructure in the last few years. The infra & security team is a seasoned team supported by young security engineers from colleges of Kerala.