Governance  Risk and Compliance

Goals and Objectives

·       To manage Information Security Risk while keeping the cost of risk treatment plus resulting residual losses within decided acceptable thresholds.

·       To bring value to the stake holders on multiple levels, vectors, and unification points so that the risk program serves to purpose of strengthening their mission and assisting with achieving their goals thereby reducing risk.

·       To have as complete as possible register of information risk to well serve the need of reporting and analysis with the goal of being able to determine changes in risk and where risk with respect to tolerance.

Services :

·        Risk Identification and Assessment – Proactively identify existing and potential areas of information security risk. Assess potential impact to protect the integrity, Confidentiality, and reliability of information assets. Using a risk assessment framework and methodology, Identify, assess and prioritize those risks.

·         Risk Management - Provide risk management oversight that represent the enterprise appetite and tolerance for risk.  Identify and monitor initiatives to remediate the risk.

·         Application Risk Assessment - ApplicationRisk Assessment is the process of assessing the existing and new  applications being used in organization  for – 1) Rating the application based on the criticality of the data it handles and services it caters to 2)  Identifying Information security risk based on the impact on the confidentiality, integrity and availability of corporate assets.

Application Risk assessment Report 

·        Vendor Risk Management -  Conduct Vendor reviews to identify information security risks from vendors that provide services to the Company.

Risk Register

All the Risk are consolidated at the single location and prioritized as per the severity . Users are encouraged to report all information security risks that they may come across or they foresee by using the “Risk Report” in the below link. The reported risks will be validated and appropriate action be taken to minimize the impact on Company.

Risk Register