Tech Mahindra has appointed one executive, the Subsidiary Risk
Manager, who liaises with all the subsidiary risk officers on all
Risk and Compliance matters, including the periodic compliance status
report from the subsidiary risk officers. The Subsidiary Risk Manager
works with the risk officers of all subsidiaries to ensure that our
subsidiaries (which are not yet integrated) are secure and comply
with applicable laws and regulations (w.r.t. security and privacy).
Through this council we drive maturity improvements and extend ISG
services in the areas of security testing, monitoring and advice.
Each subsidiary also has to undergo a self-driven security
assessment based on the Standard of Good Practice that Tech
Mahindra follows.
Tech Mahindra shall provide guidance on the policies to
be implemented by the subsidiaries and will ensure that:
- Each subsidiary has a well-defined security organization.
- Each subsidiary has a roadmap to comply with ISO 27000.
- Each subsidiary has a privacy and data protection policy
in place.
- Each subsidiary has a well-defined security policy and
improvement plan.
- Proper external assurance is provided to the security
program and implementation of the same to the subsidiaries.
- The interactions between Tech Mahindra and its subsidiaries
are in sync, and they comply with appropriate legal
requirements while sharing data and IT assets.
- The subsidiaries' security policies, tools and processes
align with the Tech Mahindra security policies, tools and
processes.
Additionally, Tech Mahindra is working with subsidiaries on:
- Harmonizing with TechM Microsoft and Security Journey and
upgrading subsidiaries.
- Moving to Office 365 and McAfee Endpoint Protection
- 2FA for remote access to systems
- ATP for infra, Email and Network
- Annual Security Audit
- DMARC compliance
- Extending Supplier Monitoring Tool and Technology Solutions
- Periodic Vulnerability assessment
- Improvement actions on VRR
- Alignment of subsidiary to TechM Infra, Services and Audit.
- Creating Information Security Audit Scope document.
- Incident management Process review
Training
All subsidiaries are required to have an annual Information
Security and Data Protection training and assessment program. TechM
is sharing the training program used in TechM with the subsidiaries
so that they can customize it to their requirements for use in
their own organizations.
Employees who have been provided access to TechM systems
will be able to access the TechM Learning portal (DEXT) and have to
go through the mandatory security awareness training program.
Connect with Manish Sodhi for any queries related to subsidiaries.