ISBC Scorecard
ISG has rolled out a Tech M-wide initiative to publish an
Account Dashboard on information security and risk compliance. The
dashboard is meant to apprise the Account Coordinator and IBG management
of the account's performance on parameters under Information Security,
Business Continuity, Regulatory and Client Contractual Obligations
on information security.
Scope
The Dashboard takes its inputs from various
system-generated reports for each of the auditable projects/accounts,
and a consolidated score for the Account is derived from
calculations on those inputs. Our approach includes
performance scores on parameters such as Client Contractual
Obligations (derived from the security excerpt of the MSA/SOW), Client
Audit Compliance (from audit reports for the Engagement), Business
Impact Analysis, Drill Compliance, Ageing of Non-compliance,
Customer IP, Technical Vulnerabilities, Human Resource, Physical
Security, Data Privacy, etc.
Proposed Score Methodology

| | As Revenue Owner Score Card | Not As Revenue Owner Score Card |
|---|---|---|
| Accounts | As Revenue Owner, based on quarterly results | As Non-Revenue Owner, based on quarterly results |
| NC Raised/Open | Considering all Open and Raised NCs (Note: Exclusion to be considered) | Considering all Open and Raised NCs (Note: Exclusion to be considered) |
| EWS Raised/Open | Considering all Open and Raised EWs (Note: Exclusion to be considered) | Considering all Open and Raised EWs (Note: Exclusion to be considered) |
| Incident Raised/Open | Based on revenue owner (mapping towards customer affected) | Not Applicable |
| For Score Deduction | Considered | Considered |
| Exclusion | NCs and EWs raised for Project IDs that are not part of cluster as Revenue Owner will be excluded | NCs and EWs raised for Project IDs that are not part of cluster as Non-Revenue Owner will be excluded |

Proposed Scoring Pattern

| Sr. | Category | Sub Category | Drilldown of Score Deduction |
|---|---|---|---|
| 1 | Internal Audit NCs Open | NC Open Major | - NC OPEN (0 to 30 days) Score off = 2<br>- Major NC OPEN (> 100 days) Score off = 5<br>- Major NC OPEN (> 30 days) Score off = 3 |
| 2 | Internal Audit NCs Open | NC Open Minor | - NC OPEN (0 to 30 days) Score off = 1<br>- Minor NC OPEN (> 100 days) Score off = 2<br>- Minor NC OPEN (> 30 days) Score off = 1 |
| 3 | Internal NCs Raised | Major | - NC Raised between (1st to 30th of every month) will be considered.<br>- Major NCs Raised Score off = 2 |
| 4 | Internal NCs Raised | Minor | - NC Raised between (1st to 30th of every month) will be considered.<br>- Minor NCs Raised Score off = 1 |
| 5 | EWS/SPOT/RAID Open | Major | - Major score off (irrespective of SLA) = 1 |
| 6 | EWS/SPOT/RAID Open | Minor | - Minor score off (irrespective of SLA) = 1 |
| 7 | EWS Raised (Gap Assessment) Raised | Major | |
| 8 | EWS Raised (Gap Assessment) Raised | Minor | |
| 9 | VAPT | Major | |
| 10 | VAPT | Minor | |
| 11 | (Customer Audit NC/Observation) raised | Open Major | |
| 12 | (Customer Audit NC/Observation) raised | Open Minor | |