Governance, Risk Management, and Compliance (GRC) are three pillars that work together to assure that an organization meets its objectives through effective utilization of people, process and technology. Once an organization reaches a particular size, coordinated control over GRC activities is required to operate effectively. Sustaining an IT or Information Security GRC program amid evolving governance needs, a changing risk landscape and multiple compliance requirements can be a challenge for most enterprises.
Paladion provides a proactive approach to track and analyze risks with its state-of-the-art GRC platform, risk intelligence, and efficient service modules, helping you enhance your operational, regulatory and business risk management. Our integrated approach to GRC avoids overlapping and duplication of risk management activities, and offers a cost-effective and sustainable model.
Data Lifecycle Management
The most important and critical part of any organization is data and its management. In every organization there is a huge exchange of data at every instant. Processed data is sent to multiple entities, including third parties, agents, partners and customers. Users are increasingly leveraging mobile devices as a convenient medium for increasing business performance. Consequently, critical data gets stored and processed through mobile devices. Accessibility to the Internet has become more of a norm than an option.
Cloud/virtualized infrastructure has become the most sought-after concept for reducing IT expenditure. Data is no longer processed within your own secure environment, but in the cloud, whose location is not known to the end consumers.
Data leakage through internet channel
Mishandling of customer data
Accidental transfer of critical data
Use of high-end gadgets leading to extensive data access
Unauthorized access to data stored in printers
Inability to control access to large data
Leaking of data by contract staff
Improper data disposal
Regulatory/compliance issues due to mismanagement of data
Paladion's DLM framework provides a holistic approach to managing data in a manner that aids in improving business processes and ensures the security of business-critical and customer-sensitive data.
Vendor Risk Management
The primary objective of performing information security assessments of vendors is to ensure that customer data is protected. Vendor audits covering information security best practices, general IT controls and compliance with standards such as ISO 27002 provide a level of assurance for the management of the outsourcing company.
Paladion has a comprehensive audit framework that spans all domains of a vendor audit. The audits will be conducted by a specialized auditing team. The findings will be agreed with the vendors to avoid any future disagreement on the audit findings. Disputed items, if any, will be reported to the organization and resolved. Evidence will be collected where applicable. The audit findings will be segregated into risk levels as agreed with the organization.