Information Security Audit

  • 1. Information Security Audit (ISA)

    Lemon's team of Information Security Audit (ISA) and Certified Information System Auditors (CISA) experts and software professionals can help companies in assessing the strength of their information security.

    • The purpose of an ISA audit with reference to an information system is to
      • Assure its integrity
      • Assure its confidentiality and security
      • Assure its availability
    • The Information Security Audit Framework includes
      • Pre-implementation and post-implementation reviews
      • Policies and procedures with regard to data security, password protection, etc.
      • Network audits
      • Data integrity checks
      • Firewalls
      • Systems software
      • Vulnerability tests
      • ISO 27001 framework
      • Business continuity planning and Disaster Recovery Plan

    We not only audit information security systems but also advise companies on how to frame a comprehensive information security framework. We also assist companies in obtaining ISO 27001 certification.

  • 2. Enterprise Risk Management

    Enterprise risk management (ERM) has gained strategic importance in today's high-risk business scenario. Clause 49 of the listing agreement also mandates that a listed company have an enterprise risk management framework in place, so its significance cannot be downplayed.

    Lemon has, over the years, built domain expertise in enterprise risk management, having worked with different types of industries in different parts of the country. We identify and prioritize potential business risks and exposures.

    We provide the following services in this regard:

    • Developing and implementing enterprise risk management framework

      Identify and implement risk assessment, risk evaluation and mitigation strategies across the enterprise. Gap analysis and control testing ensure that all identified risks are addressed.

    • ERM policies & procedures

      Design and develop risk management policies and procedures to address all possible threats and vulnerabilities across the organization. Develop and deploy detailed action plans and a risk methodology to ensure a risk-free working environment.

    • Comprehensive risk-based audit

      An IT systems audit in an organized approach covering risk assessment, impact analysis, probability calculation, control effectiveness and risk score. A 360-degree review of threats and vulnerabilities to underline the effectiveness and failures of controls.

  • 3. IT System Assurance consultancy

    Information technology has become the backbone of every business and in certain cases has become the business driver itself, for example in the banking and financial sector, airlines, telecom, e-commerce portals, the manufacturing sector, etc. These industries have created technology-enabled business models that give them global reach and provide customer-centric services with a personalized experience.

    An Information Technology Assurance Program is a continuous and dynamic program to ensure that an organization's internal control systems that depend on information technology remain current, comprehensive, effective and responsive to change.

    • IT Systems Assurance - Need and Key Drivers

      Recognizing the need for and importance of IT in business, organizations have invested heavily in IT infrastructure, applications and all other supporting programs. Management is equally concerned about the return on such IT investments. Given the critical role of IT in business today, it is imperative that management and stakeholders review IT systems in a structured and holistic manner; they are concerned with the following issues:

      • Existence and effectiveness of an IT governance framework
      • Effective technology controls to ensure transaction-level integrity, confidentiality and timeliness of the information processed
      • Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) ensuring availability of data
      • Effective compliance of regulatory requirements and adherence to industry best practices

  • 4. BCM and DR services

    Effective business continuity planning helps to minimize the uncertainty of potential business disruptions by creating a framework to maintain and recover business processes should a disruption occur.

    Natural disasters and business disruptions beyond the control of the organization are necessarily part of the organization's risk profile and risk management strategy. Natural disasters and physical threats could also lead to unauthorized access to critical data, loss of critical data or unavailability of resources, which could hamper the business continuity of an organization and eventually lead to monetary loss.

    • Disaster Recovery Site (DR)

      Successful recovery of business operations and restoration to normalcy with minimum impact on resources, in case of any planned or unplanned event, is the only evidence that proves the effectiveness of business continuity management. For this, an appropriate disaster recovery policy and procedures need to be defined, documented, approved and communicated by management.

    • An overview review of the business continuity plan covers
      • Adequacy of business continuity and disaster recovery plan and procedures
      • Methodology for business impact analysis and risk assessment
      • Adequacy of backup of data, off-site storage and periodic data restoration
      • Awareness on disaster recovery plan and contingency
    • Substantive checks of the business continuity plan need to cover
      • Testing of backup, off-site data storage and periodic data restoration activities
      • Effectiveness drills on evacuation and disaster recovery
      • Availability of data and other resources at disaster recovery site
      • Review of actual work done on the disaster recovery site
      • Validation of Business Impact Analysis, Recovery Time and Recovery Time Objectives
      • Emergency handling procedures
    • Integrated checks of the business continuity plan cover
      • Analyzing interdependencies of the systems and the impact on the ecosystem
      • Validating Legal, Financial and other implications
      • Effectiveness of business continuity plan and business requirements
      • Compliance with legal / contractual obligations of data confidentiality and availability