Client: Physical Product Manufacturing Organization (Multinational)
Sector: Manufacturing
Location: San Francisco, California - USA
Background
The end client is a manufacturing technology company having multiple patents on their name. They manufacture indoor anti-pollution equipment. They were determined to get themselves compliant with NIST Cyber Security Framework and ISO/IEC 27001:2013 standards as they have a big plan to scale up operations – not only in the USA but also around the world.
Our Approach
The first phase of the project involved performing detailed gap assessment based on NIST CSF framework. We did a thorough gap assessment which ran for more than a month involving multiple stakeholders and leaders of the organization. The detailed report was prepared and submitted. Based on the further request of the client, we prepared an executive summary for top leadership presentation.
Top leadership then approved for starting the second phase of the project for implementation. This phase involved Risk Assessment, other Information Security Management Systems and NIST Cyber Security Framework controls implementation activities.
Our major activities involved (but not limited to):
Defining the ISMS Objectives
Conducting the Risk Assessments for the risks associated with all the activities inside the scope
Drafting the Policies and Procedures in line with the requirements
Classification of assets
Preparation of Legal & Compliance Register
Revising the Incident Management Plan
Drafting a Acceptable Use Policy
Drafting a Privacy Policy
Conducting a ISMS Training
Multiple other policies and procedures related to the scope of work
Designing the templates and forms
Ensuring Compliance with GDPR
A senior consultant from Gorisco was dedicated for this project to carry out activities as listed above with backend support from other colleagues. It was a excellent project as it involved defining things from scratch and building a robust framework which in turn helped the organization to become compliant and also grow in various markets across the globe.
The Positives
The Client realized the value of our engagement and transformed a “Gap Assessment” project into an end-to-end implementation project
With the good support of the Client, all activities were completed within the agreed timelines
Due to COVID-19 restrictions, the whole project was executed remotely without any physical meetings
We were able to support the client in their required time zones
Benefits & Values To Client
Gap assessment clearly brought out the major, medium and minor gaps in the organization’s strategies, processes and policies
This helped the top leadership to pick the priorities and the low hanging fruits which will support their organization
It demonstrated the compliance status and the level of associated risks in the organization
Identification of priority (high risk) activities enabled Client to refine their business strategies and channel resources to the areas of greatest needs. These risks were managed through proper assessment and application of the mitigation plans
The whole implementation process helped the client to become compliant, mature and a truly global company