Frameworks and Compliance

AITCPL is equipped to carry out audits and implementation consultancy against the following frameworks:

PIMS/GDPR based on BS-10012/ISO-27001

The European Union (EU) has defined the GDPR for organizations that process the personal data of individuals in the EU, including organizations established outside the EU. Such organizations must comply with the GDPR in order to process that data.
Organizations that want to implement a Personal Information Management System as a matter of policy can do so under PIMS (BS 10012).
  • Consultancy for the implementation of a Personal Information Management System
  • Defining the scope
  • Preparation of policies and procedures
  • User Awareness
  • Defining access matrix
  • Defining policy for the management of vendors/ISPs/ASPs that handle personally identifiable and critical information
  • Classification of PII
  • Use of encryption for data in transit and data at rest
  • Access controls for data in use
  • Physical and logical security of the IT infrastructure where PII is stored
  • Periodic reviews for the logical and physical accesses to PII

ISMS based on ISO-27001

As a matter of policy, organizations implement an ISMS based on ISO 27001 to manage information security.

An ISMS ensures that controls are implemented for the overall security of information systems.

  • Consultancy for the implementation of an Information Security Management System
  • Defining the scope
  • Preparation of policies and procedures
  • User Awareness
  • Defining access matrix
  • Defining policy for the management of vendors/ISPs/ASPs that have access to information
  • Classification of Information on the basis of criticality
  • Use of encryption for data in transit, data in use and data at rest
  • Physical and logical security of the IT infrastructure where the information is stored
  • Alignment of roles and exception handling
  • Incident reporting and forensics

TQMS based on ISO-9001

As a matter of policy, manufacturing organizations implement TQMS to assure product quality.
TQMS ensures that controls are implemented for the overall quality of production.
  • Consultancy for the implementation of Total Quality Management Systems
  • Preparation of Policy for TQM
  • Defining the procedures to achieve TQM
  • Defining roles and responsibilities
  • Employee Awareness
  • Defining the reports and frequency
  • Reporting Authority
  • Periodic Internal Assessment
  • Corrective Actions
  • Alignment of TQM with business goals
  • Continual Improvement Process

BCMS based on ISO-22301

Business continuity is a core component for any organization: it protects reputation by keeping services available.
A BCMS is implemented to ensure that services remain available whenever customers need them.
  • Consultancy for the implementation of a Business Continuity Management System
  • Defining the scope
  • Preparation of policies and procedures
  • User Awareness
  • Defining access matrix
  • Defining policy for the management of vendors/ISPs/ASPs involved in business continuity
  • Defining roles and responsibilities for business continuity
  • Assurance of data availability at the DR site
  • Defining RPO and RTO
  • DR Drills and reporting
  • Physical and logical security at DC and DR Site

ITIL/ITSMS based on ISO-20000

As a matter of policy, service organizations implement ITSMS to assure the quality of support services.

ITSMS ensures that controls are implemented for the overall quality of service.

  • Consultancy for the implementation of IT Service Management Systems
  • Establishing policy for ITSMS
  • Procedures for the maintenance and improvement of ITSMS
  • ITSMS Life Cycle including planning, designing, transition, delivery and improvement of services
  • Defining requirements
  • Defining service deliverables that provide value to customers, users and the organization
  • Employee Awareness
  • Periodic Internal Assessment
  • Corrective Actions
  • Alignment of ITSM with defined goals
  • Reviews and corrective actions for improvements

COBIT Implementation

COBIT (Control Objectives for Information and Related Technologies) is a framework created by ISACA for information technology (IT) management and IT governance. The framework is business focused and defines a set of generic processes for the management of IT, with each process defined together with process inputs and outputs, key process-activities, process objectives, performance measures and an elementary maturity model.
Identification of processes and mapping of controls across the COBIT domains: Evaluate, Direct and Monitor (EDM); Align, Plan and Organize (APO); Build, Acquire and Implement (BAI); Deliver, Service and Support (DSS); and Monitor, Evaluate and Assess (MEA).
  • Consultancy for the implementation of Control Objectives for Information and Related Technologies
  • Identification and analysis of drivers of change
  • Determination of existing position
  • Defining the goals
  • Recognizing the factors to be improved
  • Formulation and presentation of plans
  • User Awareness
  • Reporting and alignment to goals
  • Periodic Assessment of controls
  • Maintaining the momentum
  • Continual Improvement

SOC Audit

Assessment of the controls implemented to meet SOC 2. SOC 2 is an AICPA attestation standard built on the Trust Services Criteria (security, availability, processing integrity, confidentiality and privacy). It is relevant to technology service and SaaS companies that store or process customer data in the cloud, and it evaluates whether organizational controls and practices effectively safeguard the security and privacy of customer and client data.


HIPAA Audit

Assessment of the controls implemented to meet HIPAA requirements. HIPAA is the US federal law governing the storage, transmission and processing of protected health information. It applies to covered entities (health plans, healthcare clearinghouses and providers) and equally to their business associates, including those processing the information outside the US.

  • Consultancy for HIPAA (Health Insurance Portability and Accountability Act) compliance
  • HIPAA clause interpretation and policy preparation
  • Self Assessment
  • Code review
  • Embedded controls for access restrictions
  • Encryption of healthcare data in transit, in use and at rest
  • Exception handling
  • Periodic verification
  • Secured change management
  • Use of cryptography for access allocation
  • Monitoring and reporting system

Consultancy to Implement PCI DSS/PA DSS

PCI DSS (Payment Card Industry Data Security Standard) is the standard maintained by the PCI Security Standards Council, founded jointly by American Express, Discover, JCB, Mastercard and Visa. Organizations that handle customers' payment card data must meet the PCI DSS requirements. Sensitive authentication data such as the card verification value (CVV2/CVC2), full track data and PIN blocks must never be stored after authorization, and other cardholder data must be retained only for as long as a documented business need requires and then securely discarded. Note that PA-DSS was retired in 2022 and superseded by the PCI Software Security Framework. We assist organizations in implementing PCI DSS controls.

  • Consultancy for the implementation of the Payment Card Industry / Payment Application Data Security Standard
  • Determination of PCI Level
  • Mapping the flow of cardholder data
  • Self Assessment
  • Security policy, password policy, protection of stored data and encryption of transmissions
  • Implementation of firewalls/DMZ and anti-malware controls
  • Development of secure systems and applications; restricted logical and physical access to cardholder data and system components
  • Monitoring of access to networks and cardholder data; regular testing of security systems and processes
  • Vulnerability scanning of infrastructure and code, and remediation of scan findings
  • Preparation of Documentation
  • Monitoring and Reporting
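The PCI DSS storage rules above (never retain sensitive authentication data after authorization, render the stored PAN unreadable, mask it for display, and purge cardholder data once the retention period ends) are mechanical enough to show in code. The following is an added example written for this page, not AITCPL's tooling; the record layout, the log lines, the HMAC key and the 90-day retention window are constructed for the demo. It also includes a small PAN-discovery pass over log text (Luhn-checked) of the kind used when mapping the flow of cardholder data, to catch PANs that leaked into application logs.

```python
"""Cardholder-data handling helpers illustrating PCI DSS storage rules.

Added example for illustration; the record layout, sample log, key and
retention window below are assumptions, not data from any real system.
"""
import hashlib
import hmac
import re
from datetime import datetime, timedelta, timezone
from typing import Dict, List

# Fields PCI DSS classes as sensitive authentication data (SAD): must never be
# retained after authorization, even in encrypted form.
SAD_FIELDS = ("cvv", "cvv2", "cvc2", "track1", "track2", "pin", "pin_block")

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or dashes,
# not embedded inside a longer digit run.
_PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample data (assumption: not real transactions).
DEMO_KEY = b"demo-hmac-key-rotate-in-production"
SAMPLE_LOG = """\
2024-05-01T10:00:01Z INFO auth ok order=1234567890123 pan=4111 1111 1111 1111 amt=12.50
2024-05-01T10:00:02Z DEBUG gateway resp pan=5555555555554444 cvv2=123 rc=00
2024-05-01T10:00:03Z INFO txn-ref 4111111111111112 ignored
"""
SAMPLE_RECORD = {
    "txn_id": "T-0001",
    "pan": "4111 1111 1111 1111",
    "expiry": "12/27",
    "cvv2": "123",
    "track2": "4111111111111111=27121010000000000",
    "amount": "12.50",
    "captured_at": datetime(2024, 5, 1, tzinfo=timezone.utc),
}
NOW = datetime(2024, 5, 10, tzinfo=timezone.utc)


def luhn_valid(digits: str) -> bool:
    """Luhn check digit test: separates real PANs from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text: str) -> List[str]:
    """Discover Luhn-valid PANs in free text (logs, dumps) for data-flow mapping."""
    found = []
    for m in _PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_valid(digits):
            found.append(digits)
    return found


def mask_pan(pan: str) -> str:
    """Display form: at most the first six and last four digits remain visible."""
    if len(pan) < 13:
        raise ValueError("not a PAN")
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def pan_token(pan: str, key: bytes) -> str:
    """Keyed one-way reference (HMAC-SHA256) in place of the PAN. An unkeyed hash
    would be brute-forceable: once the BIN is known the remaining space is small."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()


def sanitize_after_auth(record: Dict, key: bytes) -> Dict:
    """Return the subset that may be persisted post-authorization: SAD dropped,
    PAN replaced by its masked form and a keyed token."""
    clean = {k: v for k, v in record.items() if k.lower() not in SAD_FIELDS}
    pan = re.sub(r"[ -]", "", clean.pop("pan"))
    if not luhn_valid(pan):
        raise ValueError("PAN fails Luhn check")
    clean["pan_masked"] = mask_pan(pan)
    clean["pan_token"] = pan_token(pan, key)
    return clean


def purge_expired(records: List[Dict], now: datetime, retention_days: int) -> List[Dict]:
    """Retention control: keep only records within the documented business need."""
    cutoff = now - timedelta(days=retention_days)
    return [r for r in records if r["captured_at"] >= cutoff]


def run_demo() -> Dict:
    """Run every control over the constructed sample data and return the results."""
    stored = sanitize_after_auth(SAMPLE_RECORD, DEMO_KEY)
    old = dict(stored, captured_at=datetime(2024, 1, 1, tzinfo=timezone.utc))
    return {
        "leaked_pans": find_pans(SAMPLE_LOG),
        "stored": stored,
        "retained": purge_expired([stored, old], NOW, retention_days=90),
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(k, "->", v)
```

Two design points worth noting: the discovery regex deliberately requires a Luhn-valid run, so the 13-digit order number in the first log line is not reported while the PAN with spaces is; and the stored reference is an HMAC rather than a plain SHA-256, because PCI DSS only accepts a hash of the PAN when it is keyed, the key being managed like any other cryptographic key.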

Consultancy for the implementation of guidelines issued by RBI, IRDA and SEBI

Our pool of competent professionals, with diverse experience across domains, enables us to implement the guidelines issued by RBI, IRDA and SEBI for banks and NBFCs, life and general insurance companies, and public sector companies.

  • Preparation of policies
  • Defining procedures
  • Implementing controls
  • Defining access control matrix and roles
  • Defining responsibilities and allocation of accesses to data and infrastructure
  • Defining the regulatory reports and the authority to generate them
  • Defining the MIS reports and the authority to generate them
  • Internal and concurrent audits
  • Checklists for the audits and assessments
  • Change request management and documentation, Call logging and documentation
  • Monitoring of accesses