Confinav Consulting Pvt Ltd (CONFINAV) do believe that information security is the most crucial aspect of any organization. More than a decade ago, the acclaimed management philosopher Peter Drucker stated, “the diffusion of technology and commodification of information transforms the role of information into a resource equal in importance to land, labour and capital.” The exponential growth of information after the Internet boom of the 1990s shows the accuracy of his foresight. In today’s world, the fortunes of most organizations are tied to the information they possess and the sophistication with which they are able to manage it.

In an increasingly interconnected environment, organizations are keen on adopting e-business models and strive their best in adapting to its rigors and complexity. Today businesses, small or large, are part of cyberspace with internet, mobile devices, social media, the cloud and the like. With IT evolving at an unimaginable pace, new systems and devises have emerged in the form of Internet of Things (IoT), Artificial Intelligence, Robotics and Machine Language. Though contributing to leveraging the competitive advantage of enterprises, they nevertheless contribute also in adding to vulnerabilities and thereby, threats. Threats such as malicious code, computer hacking and denial-of-service attacks have become more common, more sophisticated, making implementing, maintaining and updating information security in an organisation more of a challenge.

We, at CONFINAV, understand that all of the best policies, standards, tools, methodologies, and technologies in the world would mean nothing in the absence of a robust information security architecture. It involves three components, namely, People, Process and Technology. Without one, the security infrastructure is weak and does not serve its purpose of safeguarding an organization’s information assets. CONFINAV pays close attention on all the three components to ensure a robust information security architecture for its clients.

We, at CONFINAV, hold that Governance, Risk Management and Compliance (GRC) are an integral part of an organization’s business model and not a matter to be dealt with in silos. CONFINAV provides unstinting support to enterprises seeking services in this regard.

We, at CONFINAV, understand the level of participation of third-party service providers (TPSP) / vendors in the operations, be it IT or business, of enterprises has reached phenomenal increase. Though these external actors assume responsibility for their part, yet the accountability always rests with the enterprise concerned. This is very much true in the context of regulatory compliance such as under SOx, GLBA, HIPPA etc., and SOC Reports per AICPA, as well. This entails enterprises concerned to ensure the status of security posture and regulatory compliance of respective TPSP/Vendor. With CONFINAV, enterprises can remain relaxed in this regard.

We, at CONFINAV, do accept that information security is not a static concept but a dynamic one. And, in the face of evolving threats and efforts in arriving at corresponding security measures to mitigate possible risks out of such threats, it is quite dynamic. This is why CONFINAV believes in continual Risk Assessment & Monitoring System and does support clients in this direction.

We, at CONFINAV, understand that in the light of current and evolving technologies, electronic data privacy is a global issue and there is a growing public concern surrounding the infringement of personal privacy rights and information security in the way data are transmitted, stored and used across borders on the Internet and wireless devices. Stringent penalties imposed in the EU GDPR perceptibly recognizes that being GDPR compliant is a non-negotiable aspect while dealing with EU clients. We support the clients on GDPR readiness.

We, at CONFINAV, are quite aware that user awareness is quite significant for a successful maintenance of information security. This is the reason why, CONFINAV provides user awareness training on various topics on Information Security.