Some details
Abstract:
Customer employs a team of advisors who deliver to clients total holistic InfoSec risk management solutions through advisors’ products and services. Advisors digitally capture, manages, analyzes and communicates data through Risk portal. The captured data allows organizations, through using Risk Portal, to assist in meeting customer and
regulatory information security expectations, reaching legal compliance and managing third-party risk with continuous visualization and monitoring of risk factors.Client:
Customer helps organizations to satisfy the ever challenging demands set by regulators such as the Federal Trade Commission and Health and Human Services Office for Civil Rights. Additionally, helps organizations to understand and manage the Information Security risks of their vendor network handling the organization’s private data.
Problem Statement:
Customer’s clients face increasing Written InfoSec Program (WISP) challenges and pressures from their business partners, customers, and regulators.
- Organizations face increasing information security pressures from regulators, customers, and business partners.
- Those parties require a heightened awareness and sensitivity to information security and have high expectations of the organization in regards to private and sensitive data.
- Business partners are typically now including contract provisions requiring the counterparty to represent and warrant that organization has a compliant information security program.
Challenges &, Limitations:
- Implement vendor hierarchy along with multiple vendors can associate with one vendor.
- Display maximum survey data on the dashboard for users to identify security risks.
- Implement dynamic survey to handle multiple surveys.
- Manage Assessment with dynamic data with workflow
- Service Provider/Business Associate Invitation
- Managing of organization policy documents and templates.
- Implementation of the assessment workflow for vendors and advisors so that advisor can provide their remediation for the assessment.
Aspire’s Solution:
Aspire provided a web-based product development offshore team since the concept building to product delivery to enhancement, maintenance, and support.
- Our business analysts involved with the customer to understand the core idea and the problems they are facing in the day to day life.
- Delivered the end product by dividing the work into the different milestones so that all the work is being reviewed by the client at the end of each milestone.
- Proposed the best-suited technology stack keeping in mind the short-term and the long-term requirements.
- Implementation of basic survey management and removed third-party dependency with the application.
- Generate dynamic assessment form for the different sections and maintain the assessment data.
- Implemented the process workflow for managing and reviewing the assessment.
- Support for the previous version of the assessment and survey reports.
- Managing the N level of the hierarchy of the vendors.
- Policy document template management and generate dynamic policy document.
- Implementation of custom roles &, permissions for the internal users.
- Implementation of custom invitation templates for sending an invite to vendors and users.
Benefits Delivered:
- Approximate 60% cut down on the operational costs.
- No need to manage separate data each vendor and user.
- Vendors can add their service providers/business associates.
- The new application is user-friendly for vendors and internal users.
- Dashboard design helps vendors to easily identify the risks with associated service provider/business associate and take immediate action.
- Ease of managing and processing a huge amount of surveys and assessments.
- Improved quality of service, better service provided to clients.
- Less human involvement and eliminated dependency on third-party software
- Improved efficiency and better response time.
- Increased customer satisfaction by immediate notification of emails.
- Security measures for managing confidential information.
Technologies:
Liferay 6.2 CE GA6, Liferay MVC portlet, Liferay Plugin SDK, HTML5, CSS3, SCSS, Bootstrap, jQuery, Apache Tomcat, Apache Web Server, Maven, Java 1.7, My SQL, SVN