IT Security Governance
IT Security Governance (ISO 27001)
Softlab provided support to a leading provider of liquid and food packaging equipment, services, and solutions in improving the effectiveness and efficiency of its IT Security Governance processes to achieve compliance with the ISO 27001:2013 standard. The project involved the evaluation of key IT processes related to Security Governance, specific reference to Identity & Access Governance (IAG) and User Access Management.
To achieve compliance with the ISO 27001:2013 standard, Softlab analyzed the level of implementation of security controls required and prepared a gap analysis against the standard's requirements. They drafted and updated IT Security policies and procedures, defined improvement actions for user access management processes, and analyzed relevant SAP transactions for each scope area. The team analyzed SAP access profiles to assess the correct assignment of profiles to users and identify actions to resolve issues. The IT Security Governance project activities were supported, and Softlab helped in the implementation of an Information Security Management System compliant with the ISO 27001:2013 standard. Additionally, Softlab provided support for managing the requisitioning and testing of an IAG solution (Sailpoint).
The Softlab team's support led to the design and implementation of new account management processes, oversight of Segregation of Duties, definition of a mapping dashboard between requirements included in policies and controls of the ISO 27001 standard, and compliance with parent company policies.
The project involved the evaluation of key IT processes related to Security Governance, including Identity & Access Governance (IAG) and User Access Management. Softlab analyzed relevant SAP transactions, assessed SAP access profiles, and helped in the requisitioning and testing of an IAG solution (Sailpoint).