Assessment and IT Risk Assessment
Validating the Client's Risk Assessment and Security Compliance
The client is one of Singapore's leading autonomous universities specialising in applied learning and industry-focused education. The client approached Pragma to provide an independent assessment of its readiness for ISO 27001 certification and to assist in identifying key cyber risk areas impacting the organisation. The client aims to ensure the highest information security standards and adopt international best practices. By partnering with Pragma and leveraging Pragma's expertise in information security, risk assessment, and compliance, the client can validate its Information Security Management System (ISMS) and, additionally, stay on top of its key cyber risks.
Pragma delivered the engagement in two phases:
- Conduct cyber risk assessment
- Evaluate the client's readiness and analyse gaps based on ISO 27001 standards
We interviewed key stakeholders to clearly understand the client's key business and IT processes. We performed cyber risk assessments focusing on the client's enterprise information security program, security processes and controls safeguarding the information technology environment.
Pragma reviewed the client's readiness for ISO 27001 and identified exceptions. The gaps were diagnosed, and relevant recommendations were categorised into a roadmap to facilitate prioritisation of their implementation.
Our work highlighted the top 10 key risk areas of the organisation. Pragma also validated and provided additional insights on existing IT and cyber risks on the organisation's risk register.
Through Pragma's assessment, the organisation better understood its current compliance against ISO 27001 standards. It can work towards bridging the gaps with the recommendations and roadmap provided in our report.