Task: Develop Security Requirements
In this task, the Information Security And Compliance Lead develops the security requirements once the basic security framework is in place.
Main Description

Based on the understanding of the security and compliance obligations (Capgemini Group, local and contractual), the Information Security And Compliance Lead must start developing the technical requirements for security. The overall compliance requirements must also be established here.

This would typically include building on the requirements for:

  • Physical and environmental security – If the need for a separate ODC (offshore development centre) to run the service is identified, the Information Security And Compliance Lead must detail the technical requirements for establishing it. This may include isolated network requirements, controlled entry points, surveillance setup, connectivity, etc. It should also include understanding the policies for the configuration of laptops, workstations, servers, etc.
  • On-boarding and off-boarding procedures – The Information Security And Compliance Lead must understand and document the Client’s on-boarding process. This may include completing background check (BGC) requirements, requesting access for the team, etc. The off-boarding process must also be understood and documented.
  • Access management – The Information Security And Compliance Lead must understand the nature of the access that can be granted within the Service Delivery Team to the applications and infrastructure in scope. The policies around access provisioning should also be studied to detail the need for periodic reviews of access permissions, the use of two-factor authentication, controlled use of admin privileges, authentication and password management, etc.
  • Application and data security requirements (if any) – These should detail the need for encryption, vulnerability assessment, penetration testing, remediation, etc.
  • Requirements for vulnerability assessment, penetration testing, etc.
  • Information Security Management Tools – The Information Security And Compliance Lead must identify the list of tools required for driving security and compliance and communicate it to the Technology And Infrastructure Lead.