
Governance

Risk & Compliance
People, Controls, Processes, Technology
Business Challenges & Key Questions
Key Questions
1. Do we have adequate control?
2. Are we compliant?
3. How do we assimilate the new trends and use them for business benefits?
4. Are we supporting and furthering the business goals?
5. How do we assure the stakeholders?
6. Can we automate the whole thing?

Our six-part process helps our customers to:

1. Establish an IS strategy in alignment with business goals, trends in the security & privacy landscape and prevailing priorities
2. Establish a security and/or privacy governance structure; depending on the maturity & situation, these may be independent structures
3. Integrate governance, risk & compliance management processes
4. Establish the assurance processes (audits, security and/or privacy assessments)
5. Automate the GRC processes & integrate with other business/business support applications
6. Manage the implementation & day-to-day operations of the framework

Our Solution
Business Challenges
1. Silo based management of information security
2. Rapid changes to business & security landscape
3. Lack of correlation between risk & control decisions
4. Inability to depict value to business
Risk Management Services
Managing Information Risk Information Risk Advisory Services
The Aujas Solution: An integrated security and/or privacy framework that ties in information security governance, risk and compliance management.
Governance roles & responsibility aligned to ISO27001 & ISO38500
Integration process for risk and compliance management
Methodology for developing legal, regulatory based control database
Alignment of Policies & high level Infosec processes
Integration of KPI, KRI, review mechanism to depict & sustain value
IS Strategy aligned to business goals, security & privacy landscape and priorities
Policies & Standards
Security Programs (Security Operations, Data/Asset/Records management, Application security, Identity & Access management, vendor management, Training, physical security, etc.)
Aujas Value Proposition & Thought Leadership:
GRC Consulting: We provide the functional consulting required for the organization to move to a GRC platform as well as the engineering required for effective implementation of the automation and its integration with other security technologies for integrated control & reporting.
Compliance Manager: allows Aujas and its customers to manage an integrated control library, perform assessments against the controls, manage evidence, provide audit reports, send notifications, generate multiple reports and track audit findings and remediation.
Gamification allows us to collect the critical data within 8-10 business processes that can cause significant impact within a matter of hours; this method can be used for projects like ISO27001, ISO22301, etc.
Our Value Enablers (Tools & Processes)
Aujas Experience
GRC consulting for Govt. of India
Compliance Manager
GRC consulting for leading telecom co.
Framework design for Large telecom co.
Process design consulting for Large ITeS co.
We designed a framework using a combination of best practices and legal requirements. The framework addresses the entire governance, risk and compliance management space, including vendors. The processes are also being automated on a GRC platform, including integration with other security tools, and the platform also provides dashboards for the management.
We designed a framework aligned to COSO and ISO31000, with an integrated control database containing four requirements: COBIT, ISO27001, ITILv3 & the Japanese Personal Information Privacy Act. The client can now assess & ensure compliance with multiple requirements and trace back risk and control decisions.
We designed a threat management framework comprising asset, vulnerability and risk management processes, and linkages for assets with business processes, classification, and owner and custodian mapping. The framework was automated on a GRC tool and integrated with asset management, vulnerability management and the HR database.
We conducted a gap assessment to identify the nature of adaptation required to align and reuse their NOC processes and architecture for their SOC. After this, the architecture and the processes were defined in line with the existing processes and ITIL v3 processes. Aujas also assisted by monitoring during the transition of the first customer to the SOC.
Design
Implementation
Integration
Software Engineering
Sustenance (VISO)
Operations
Enabling customers to align and update their GRC frameworks for technology implementation
Managing the transformation and leverage value from the technology
Sustain the information security initiatives leveraging the technology
Aiding the sale with POCs functional specifications
Help customers derive value and build a strong customer referral, lead to upsell of licenses and potentially other solutions/modules
Intelligent (what makes sense for the customer)
Technology implementation and go live
Help customers derive incredible value in their environment
Technology implementation, configuration and enabling users with access, workflows and reports
Custom integration of technology with enterprise tools for automation and unparalleled value
Annuity based operational management of the technology
Functional Consulting
Technology Consulting
How we help our customers
How we help our partners
Manage outsourced annuity operations
