Information Security Group

GAP Assessment

The ISG Compliance team conducts information security gap assessments to compare the security program against overall best security practices and to shed light on areas where vulnerabilities and risks may be lurking.

An information security gap analysis identifies the information security gaps that may exist within an organization by comparing its current information security stance against industry best practices, standards and regulations.

When to conduct Gap Assessment

The ISG Compliance team helps Delivery teams conduct a Gap assessment under the following circumstances:

  • Project kick-off (ODC set-up)
  • Prior to an external audit/visit
  • Project movement/shift
  • Changes in the scope/project

Raising Gap assessment request

The Project Manager / Delivery SPOC sends an email request to the Cluster's Risk and Compliance Manager to have the Gap assessment conducted.

Preparing Gap Assessment Checklist

Ensure the analysis is complete and comprehensive by having others review it prior to implementation. The checklist draws on the following sources:

  • Industry standard security framework (ISO 27001)
  • TechM Information Security Policy and procedures
  • Compliance requirements mentioned in the MSA (MSA Checklist)
  • Any customer-specific security controls

Gap Assessment Approach

  • Adopt an information security standard (if one is not already being used).
  • Define the scope of the analysis.
  • Review the applicable information security standards, policies, plans, protocols, procedures, and guidelines.
  • Create a comprehensive information security questionnaire using the MSA/MSA Checklist.
  • Identify gaps and raise a Non-Conformity in the system.
  • Publish the Gap Assessment report.
  • Ensure the Non-Conformity is closed in the system within the defined timeframe and/or before the client visit to ensure compliance.

Copyright © Tech Mahindra Limited. All Rights Reserved