Governance, Risk and Compliance

In today’s global environment, an organization is no longer confined to one location or one city. It is an extended enterprise in which customers, partners and vendors, internal employees and roaming employees generate and access corporate data from both inside and outside the corporate boundary. With the adoption of newer technologies such as cloud computing, and the outsourcing of operations to third parties, information risk management has become more important than ever. Compliance requirements also differ from one country to another. In many companies risk is still managed in organizational silos, each with its own interpretation of risk. In today’s dynamic business environment such an approach cannot adequately mitigate organizational risks and threats.

Risk and compliance requirements should be addressed in a holistic way that covers the strategic, financial and operational elements of the business. More and more companies are looking at integrated and automated GRC management to reduce cost and enhance business value, and to allow top management to clearly articulate the organization’s risk appetite.

Quoinx Technologies helps organizations through the end-to-end GRC lifecycle: requirements analysis, product selection, design, integration, implementation and ongoing support. Our advisory team works closely with the customer to select and design the frameworks, while our technology teams implement the GRC tools and integrate them with the existing enterprise systems.

Services We Offer:

ISO 27001

Nowadays the role of IT in corporate governance is more clearly defined and specific. Information technology has become a vital function in any organization, supporting its business operations. A fundamental aspect of IT governance is the protection of information (its confidentiality, integrity and availability), on which the organization depends for its survival.

The ISO 27001 standard helps organizations manage their information security more effectively. It is the international standard that specifies the requirements for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS), and the one against which an ISMS can be independently certified. The standard is applicable to organizations of any industry, size and location.

Quoinx Technologies’ team of certified implementers and auditors helps clients implement an ISMS using the Plan-Do-Check-Act (PDCA) approach to achieve ISO 27001 certification. Our consultants guide you through each stage of the ISO 27001 lifecycle:

  • Scope Definition
  • System study and Gap Analysis
  • Risk Assessment and Risk Treatment
  • Statement of Applicability (SOA)
  • Policies and Procedures Documentation and Implementation
  • Security Awareness Training
  • Internal Audit
  • External Audit
  • Certification

BS 25999 (BCMS)

Business Continuity Management Systems (BCMS) focus on keeping critical business processes running through crisis situations such as man-made or natural disasters. BS 25999-1 is a formal standard (code of practice) published by the British Standards Institution (BSI). It provides guidance on establishing the system, response strategies, and the implementation, maintenance and improvement of business continuity plans. BS 25999-2 specifies the requirements for a Business Continuity Management System (BCMS) based on BCM best practice, and is the part against which an organization can be certified. Note that BS 25999 has since been withdrawn in favour of ISO 22301, the international BCMS standard; the phases described below are common to both.

Quoinx Technologies offers comprehensive consulting services to plan, design, implement and test business continuity and disaster recovery plans. Our consultants follow a phased approach to help organizations implement a BCMS. The steps involved are:

  • Scope Definition and identification of critical business process
  • Conduct Business Impact Analysis
  • Design the BCM strategy based on the Recovery Point Objective (RPO) and Recovery Time Objective (RTO) established for each critical process
  • Create BCP / DR plans
  • Training and Awareness
  • Implement BCMS
  • Testing and Maintenance