The risk from information systems can be managed by adopting globally accepted controls framework such as ISO 27001, ITIL, or CoBIT. Implementing any of these frameworks requires a systematic approach to analyzing the key risk areas, identifying and documenting the controls and then monitoring and measuring the compliance. Information Risk Management (IRM) can be extended to designing a Business Continuity Strategy and developing and testing business continuity plans. We offer the following services as part of the Information Risk Management service suite.
We provide ISO 27001 compliance and pre-certification audit services. The ISO 27001 standard provides a structured framework for the implementation of an Information Security Management System (ISMS) within your organization.
Our team consists of experienced ISO 27001-certified lead auditors and implementation experts, with the right blend of technical and business process know-how. Thus providing a balanced approach to the entire exercise. Our focus is always on the triad of People, Processes, and Technology.
PCI DSS - Payment Card Industry Data Security Standard
We provide consulting services to comply with and audit the PCI DSS standard. PCI DSS, is jointly released by credit card companies aimed at protecting card holder data. The standard requires the members, merchants, and service providers using credit card facilities to carry out regular PCI Scans and PCI Security Audits post compliance. The PCI DSS version 1.2 is comprised of six control objectives, which in turn contain twelve specific controls. NII helps organizations meet all the requirements with the help of its robust consulting methodology.
IT Service Management - ITIL and ISO/IEC 20000
IT Service Management Best Practices are being increasingly adopted by companies to improve the quality of their service and reduce their operational costs. NII Consulting can help organisations in successful adoption of best business practices and standards and thus maximise their value for IT investments.
CoBIT is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks. NII helps draft, review and implement policies and procedures to put IT controls in place for your organization. We help organizations increase the value attained from IT.
Business Continuity Management
Our Business Continuity Management services are based on BS 25999. We help you evaluate information assets and its criticality levels in determining the strategies for minimum loss in productivity through optimum utilization of resources.
Objectives as part of the Business Continuity Management service are
- Minimize disruptions of business functions and external entities
- Provide roadmap for disaster recovery operations
- Ensure timely resumption of normal business at earliest possible time
- Limit impact of disruption on company's mission and reputation
- Limit financial losses