Activity: 09.04 - Complete Security And Compliance Deliverables
There will be several components of the Information Security Plan and the entire framework that need to be developed. The objective of this activity is to develop these security and compliance components and deliverables. These components typically include security policies and procedures, data privacy compliance deliverables, export compliance deliverables, a communication plan and a training plan for Information Security And Compliance. The Information Security And Compliance Lead will make sure that all the necessary collaborations with other streams are done to implement the Information Security Plan.
Description

Once the security and compliance requirements are established, which includes development of the technical, compliance and training requirements, the Information Security And Compliance Lead must start building the deliverables.

 

The key deliverables from the Information Security And Compliance stream include:

 

  • Information Security Policy
  • Security procedures and controls
  • Information Security Plan
  • Deliverables for data privacy compliance
  • Deliverables for export compliance
  • Communication and training plans

 

The security policies, procedures and controls are contained within the Information Security Plan, which is used to drive the security requirements in a project.

Completing the Data Privacy Profile would include establishing techniques like encryption, data masking, etc. within the security policies to avoid data privacy breaches in the engagement.

 

For completing the Export Compliance Requirements, the applicable export regulations for the scope of services provided by the offshore teams or foreign nationals must be understood. Based on this, appropriate data classifications must be carried out.

 

A detailed training program must be developed to train personnel on the Client’s security standards and the security and compliance framework developed by Capgemini.

 

A communication plan must be built to support and drive the security initiative in the engagement.

In order to implement the Information Security Plan, a few activities need to be executed by other streams. For this, the Information Security And Compliance Lead must collaborate with the other streams and provide them with inputs to be executed in their respective streams. Once the inputs are processed within the streams, feedback from the relevant stakeholders must be received.