Information Security Management Services

Information Security Framework

In this day and age of ever-increasing cyber threats, every organization must have a robust information security management system (ISMS) in place to manage and safeguard sensitive information. Excedor uses a systematic and structured approach to help organizations design and implement a holistic, customised ISMS that meets their specific information security requirements.

Planning Phase

Excedor begins the exercise with an exhaustive Planning phase which involves:

• Comprehensive Gap Analysis to determine the difference between the current and required security levels. The gap analysis helps Excedor identify areas that need to be revamped to comply with relevant standards and best practices.

Information Classification to categorise your information assets by focusing on the damage or loss that can result from its disclosure....

planning
implementation

Implementation Phase

Excedor ensures that its risk management framework covers all areas: technology, process and people.  Technology covers both hardware, software and networking, while process involves devising practices and policies that safeguard information, such as formulating and implementing access control policies. Finally, there is the human element and risk management requires defining how people handle, store, and share information.

In addition, Excedor also creates and conducts training programs to enable all stakeholders to effectively use the ISMS.

Audit

Excedor conducts an audit 30 to 60 days after the ISMS is implemented. This audit is used to ensure that the organization is following the processes, policies and protocols that were implemented, and identifies pain points and vulnerabilities, if any. Excedor refines the ISMS to address any findings and further strengthen the organisation’s risk management.

Certification

The ISO: 27001 certification helps boost an organisation’s reputation. Excedor’s stringent implementation of ISMS standards facilitate the certification process for organizations that choose to acquire the ISO 27001 certification. We also handhold the organisation during its preparation for external certification audits.

audit
managed-security

Managed Information Security Services and Sustenance

An outdated ISMS nullifies the benefits of implementing one. Therefore, Excedor has devised Managed Information Security Services and Sustenance solutions to preserve the momentum of your information security initiative.

We align ourselves closely with your internal ISMS team to facilitate the smooth functioning of the ISMS...

Outsourcing Risk Management

With the growing trend of outsourcing business operations, it is now incumbent on organizations to bring third-party service providers within the ambit of the organizations’ information security frameworks. While relevant controls are often embedded in service covenants, it is essential to monitor if the providers are adhering to the controls.

Excedor employs the failure mode effects analysis (FEMA) to thoroughly assess the risks of your outsourcing options.

outsourcing-security