CASE STUDY
Information Security and Privacy Program at an Indian Payroll Processing SMB
Context
Arrka worked with the client, who is a services plus SaaS player, to understand all the compliance related requirements faced by the client either on account of geographic reach or contractual terms laid out by their clients. This was done using the Arrka framework and applicable controls.
Subsequently, we worked with the team to get the organization certified across multiple standards while, simultaneously, ensuring the multiple contractual as well as regulatory requirements were addressed. We achieved this across both the Security and Privacy domains. We leveraged our frameworks and the Arrka Platform (APMP) and were able to not only comply quickly but has also been able to sustain the compliance on an ongoing basis. What is more, this was achieved across each layer: of Technology (Infrastructure and Development), Processes, Physical facilities, and People. Our approach enabled the organization to align and work with their own teams, minimizing their dependance on external experts.
Approach
Arrka worked with the client, who is a services plus SaaS player, to understand all the compliance related requirements faced by the client either on account of geographic reach or contractual terms laid out by their clients. This was done using the Arrka framework and applicable controls.
Subsequently, we worked with the team to get the organization certified across multiple standards while, simultaneously, ensuring the multiple contractual as well as regulatory requirements were addressed. We achieved this across both the Security and Privacy domains. We leveraged our frameworks and the Arrka Platform (APMP) and were able to not only comply quickly but has also been able to sustain the compliance on an ongoing basis. What is more, this was achieved across each layer: of Technology (Infrastructure and Development), Processes, Physical facilities, and People. Our approach enabled the organization to align and work with their own teams, minimizing their dependance on external experts.
Solution and Results
The organization attained the necessary compliance and certification as required.
The organization was able to successfully establish an Information Security and Data Privacy team that helped put a structure to the program. Roles and responsibilities were clearly defined.
The organization’s products from a Security and Privacy perspective at a technological level.
Benefits
Rapid achievement of multiple certifications and compliances.
A faster roll out of new product features & functionalities with Security & Privacy requirements incorporated owing to the Privacy and Security by Design Approach deployed. Speedier responses to requirements during the Pre-Sales process
Assurance to Management and Sales teams that they have a secure & privacy-ready offering that is being taken to clients