Information Security Group
|
Home > Assurance

Assurance

Internal audit provides assurance that business processes are compliant with Tech Mahindra security policies, regulatory requirements, and customer contracts. Audits help in evaluating the adequacy of security controls, identifying areas of improvement, and providing recommendations. Audits are of three type based on who conduct them; internal audits, customer audits and certification audits. For External and Certification audits the ISG team helps the Delivery team in the audit.

Process

At the start of the audit, the PMs receives an automated emails to confirm available times and the list of evidence needed for audits. The audit requires to be completed within 30 days of this intimation.

Audit discussion between auditor and project manager are scheduled. The Auditor conducts the audits based on MSA/Certification/Best Practice controls. For each control, evidence of control functioning is required.

On completion of the audit, an automated email is sent to the project manager containing an audit overview, including non-compliance details, report rating and a link to view and resolve Noncompliance’s on AuditVIGIL. AuditVIGIL is the audit tool used by ISG

The project manager is responsible for reviewing and responding to non -compliance by submitting audit feedback in the AuditVIGIL tool. Both the project manager and auditor must align on the action plan and submit evidence for closing the noncompliance. Non Compliances not completed within the stipulated timeframe are escalated as risks and for disciplinary action.
For Any Queries write to : ISGAssuranceLeads@TechMahindra.com

Copyright © Tech Mahindra Limited. All Rights Reserved