Client: Physical Product Manufacturing Organization (Multinational)
Location: San Francisco, California - USA
The end client is a manufacturing technology company that holds multiple patents and manufactures indoor anti-pollution equipment. They were determined to become compliant with the NIST Cyber Security Framework and the ISO/IEC 27001:2013 standard, as they plan to scale up operations, not only in the USA but also around the world. This is an ongoing project.
The first phase of the project involved performing a detailed gap assessment against the NIST CSF. The assessment ran for more than a month and involved multiple stakeholders and leaders of the organization. A detailed report was prepared and submitted. At the client's further request, we prepared an executive summary for presentation to top leadership.
Top leadership then approved the start of the second phase of the project, implementation. This phase involved risk assessment and other Information Security Management System (ISMS) and NIST Cyber Security Framework control implementation activities.
Our major activities included (but were not limited to):
Defining the ISMS Objectives
Conducting the Risk Assessments for the risks associated with all the activities inside the scope
Drafting the Policies and Procedures in line with the requirements
Preparation of Legal & Compliance Register
Revising the Incident Management Plan
Multiple other policies and procedures related to the scope of work
Designing the templates and forms
Compliance with GDPR
A senior consultant from Gorisco was dedicated to this project to carry out the activities listed above, with back-end support from other colleagues. It is an excellent project, as it involves defining things from scratch and building a robust framework that will help the organization become compliant and grow in various markets across the globe.
The Client realized the value of our engagement and transformed a “Gap Assessment” project into an end-to-end implementation project
With the good support of the Client, all activities are being completed within the agreed timelines
Due to COVID-19 restrictions, the whole project is being executed remotely, without any physical meetings
We are able to support the USA Client in their time zone
Benefits & Values To Client
Gap assessment clearly brought out the major, medium and minor gaps in the organization’s strategies, processes and policies
This helped top leadership pick the priorities and the low-hanging fruit that will support their organization
It demonstrated the compliance status and level of associated risks in the organization
Identification of priority (high-risk) activities enabled the Client to refine their business strategies and channel resources to the areas of greatest need. These risks are managed through proper assessment and application of the mitigation plans
The whole implementation process is helping the client to become compliant, mature and a truly global company