Since the Information Security Plan is critical in driving the security and compliance requirements in the engagement, validation of this plan is imperative.

Validation must be carried out to :

• Ensure policies meet the contractual obligations and Group mandates
• Ensure the procedures and controls are in line with Group standards
• Ensure the Information Security Plan will supplement the Client in meeting their regulatory standards and compliance requirements
• Ensure there are no loopholes while defining the policies, procedures and controls that can lead to security breaches
• Ensure there are no system or tool issues that can lead to security breaches.

The Information Security And Compliance Lead, in concurrence with stakeholders, must carry out the validations. Corrective actions must be implemented in case of gaps and the policies and procedures must be baselined.