Governance and Risk Consultancy Services Case Study On ISMS Implementation (Agility Logistics P. Ltd.)
Agility is a global company with more than 32,000 employees, and over 550 offices in 100 countries around the world. With over $6 billion in annual revenue, Agility comprises of three key business groups – Global Integrated Logistics (GIL), Defense and Government Services (DGS) and Investment.
Challenges :
Agility wants to implement information security best practice and achieve ISO 27001:2005 certification for its 4 offices (current scope) in India. The client employs over 1000+ employees at these locations and provides support services for logistics operations to internal and external clients. The client has a complex IT infrastructure and has developed and deployed multiple application systems for freight forwarding, custom clearance etc.
The client believed that information security is of critical importance and perceived information security as key to extending the enterprise to enable deep integration with partners, suppliers and customers while aiding compliance with regulations. Thus the client wanted to establish Information Security Governance framework that would be built on existing frameworks and accepted best practices and would bring about a process driven culture in the organisation.
Also client wanted to have seamless connectivity along with redundancy and high performance of its network to support applications PAN India.
Solution :
The solution lay in perceiving Information Security in the context of business risk rather than as a wholly technical issue. This required that the organisation ensures security of its information assets by making information security an integral part of core business operations. The best way to accomplish this goal was to embed information security governance as a part of the internal controls and policies of the organisation.
ISO/IEC 27001:2005 was chosen as the "best" reference because of its combination of comprehensiveness and its international level of acceptance, including rapidly growing usage in the world. ISO/IEC 27001:2005 was written solely for information security practices within a business as a whole, is not IT exclusive, and is built around policy and process.
PCS Consulting, the consulting arm of PCS Technology Ltd. was appointed by the client to implement the ISO/IEC 27001:2005 in the organisation for the said locations in India.
PCS Consulting assisted the client in the implementation of the standard that entailed:
- Scope definition
- Training of the core team, users and internal auditors
- Risk Assessment
- Network Performance Audit
- Network Architecture and Redesign of Network
- Identification of relevant controls
- Documentation involving development of policies, procedures and relevant formats
- Preparing the Statement of Applicability (SOA)
- Preparing the BOM, RFP and vendor evaluation for implementation of redesigned architecture.
The benefits that the client has reported even before certification are :
- Increased security awareness within the organisation
- Consciousness on critical information assets owned and managed by the organisation
- A framework for resolving security issues
- A robust network with optimum bandwidth management and redundancy to support multiple applications and hence support the business in Business Continuity and High availability.
- Enhanced customer' and business partners' confidence and perception of the organisation