Task: Analyze Requirements For Security And Compliance
The objective of this task is to understand and document the Information Security And Compliance requirements for the engagement, based on the Master Service Agreement, the statement of work and its addenda. Information security and compliance risks must also be analyzed and documented.
Main Description

As the first step in analyzing the security requirements for an engagement, the Information Security And Compliance Lead must identify the contractual requirements for security. The Master Service Agreement, the statement of work and its addenda must be reviewed thoroughly to gather these requirements. In addition, the Group and local (BU/Region) Capgemini information security policies must be reviewed to establish the minimum level of security that must be applied in the service engagement.

The scope of security requirements must be clearly understood in terms of:

  • Physical and environmental security
  • ODC (offshore development centre) requirements
  • Isolated network requirements (if any)
  • Background checks (BGC) for human resources
  • Applications and infrastructure under scope
  • Access control requirements
  • Data security requirements (if any)
  • Mobile security requirements (if any).

In addition to these requirements, the Information Security And Compliance Lead must also identify compliance requirements.

This would typically include:

  • Security standards to which compliance is required
  • Compliance training requirements
  • Audit or assessment requirements.