CASE STUDY
Privacy Program at an Indian Blockchain service provider SMB
Context
The organization in a mid-sized Indian blockchain service provider. It caters to clients in various domains to leverage blockchain tools to enable marketers to efficiently optimize campaigns, connect with customers and track results. The organization needed to implement a robust security and privacy compliance and risk management program that kept up with the continual changes without impacting the fundamentals. Further the company’s clients required it to have robust systems in place for personal data privacy and data protection
Approach
Compliance to any law/ framework/ standard/ contractual agreement requires baselining. Secondly, compliance is contextual. Therefore, Arrka initially worked with the client team to understand and define the boundaries of their compliance. Being a SAAS player, there are ‘under the hood’ compliances which need to be completed and demonstrated while maintaining the confidentiality required for each client. Therefore, we first baselined the compliance requirement using the Arrka framework and applicable controls. Subsequently, we rapidly scaled the same and worked with the team to get the organization certified across multiple standards while, simultaneously, ensuring the multiple contractual as well as regulatory requirements were addressed. We achieved this across both the Security and Privacy domains. Leveraging our frameworks and the Arrka Platform (APMP), the organization was able to not only comply quickly but has also been able to sustain the compliance on an ongoing basis. What is more, this was achieved across each layer: of Technology (Infrastructure and Development), Processes, Physical facilities, and People. Our approach enabled the organization to align and work with their own teams, minimizing their dependance on external experts.
Solution and Results
The organization attained the necessary compliance and certification as required.
They established an Information Security and Data Privacy team that helped put a structure to the program with a clear definition of roles & responsibilities.
The technological level changes suggested strengthened the organization’s products from a Security and Privacy perspective.
Benefits
Rapid achievement of multiple certifications and compliances.
A faster roll out of new product features & functionalities with Security & Privacy requirements incorporated owing to the Privacy and Security by Design Approach deployed. Speedier responses to requirements during the Pre-Sales process
Assurance to Management and Sales that they have a secure & privacy-ready product that is being taken to clients