Month Date Activity

ISO External Findings Closure Discussion

Senthil, Anoop
ISO Monthly Objectives Discussion Senthil
-Admin & Facilities Metrics and Objectives
July 18-Jun-19 -HR Metrics and Objectives
ISO External Findings Closure Discussion
Senthil, Anoop
July 20-Jun-19 Tracker designing for the findings to be closed
ISO External Findings Closure Discussion
July 24-Jun-19 Sathya
ISO External Findings Closure Discussion
Sathya, Naveen, Anoop
ISO Monthly Objectives Discussion Senthil
-Soft Dev Metrics and Objectives
-Admin & Facilities Metrics and Objectives
-Compliance Metrics and Objectives
Aug 5-Aug-19 -PMO Metrics and Objectives
EchoHealth Questionnaire items review and update
-Validity: This policy needs to be reviewed every year. -This needs to be added to all the policies
Aug 6-Aug-19 -"Key personnel members" to be updated to include ISMG in incident management procedure
Monthly ISO Objectives Followup
-Anoop
-HR Metrics and Objectives
-IT Infra Metrics and Objectives
-Soft Dev Metrics and Objectives
-Admin & Facilities Metrics and Objectives
-Compliance Metrics and Objectives
Aug 6-Aug-19 -PMO Metrics and Objectives
"EchoHealth Questionnaire items review and update
-Information classification for all department documents
Aug 6-Aug-19 -Information Security policy to have version control I
Aug 7-Aug-19 Define BYOD policy and deploy MDM solution to monitor and grant access to personal mobile devices.
ISO Monthly Objectives Discussion - Naveen
Aug 7-Aug-19 ISO Certification Findings Discussion - Naveen
"EchoHealth Questionnaire items review and update
Social media policy needs to be documented and awareness to be provided to all the employees of the
Aug 8-Aug-19 organization.
ISO Monthly Objectives Discussion - Naveen
ISO Certification Findings Discussion - Naveen

-Information security responsibility acceptance and acknowledgement

-ISMS and QMS awareness training to be provided within 30 days of joining
-Achieve and sustain employee satisfaction
-Verification of the return of HR assets and request mail to revoke access rights on employee’s last
working day
-Classification of all documents
Aug 13-Aug-19 -Risk Assessment Review
ISO Monthly Objectives Tracker Followup - Anoop/ISMG/PMO/HR&Admin
-Soft Dev Metrics and Objectives
-Admin & Facilities Metrics and Objectives
-Compliance Metrics and Objectives
Aug 16-Aug-19 -PMO Metrics and Objectives
ISO External Findings Closure Discussion
Senthil, Anoop
Aug 19-Aug-19 Mumbai Monthly Objectives/Metrics Discussion
Aug 19-Aug-19 Accion: Asset and Data Protection & Privacy Clarification -Senthil
 Review session for BLR (ISO Metrics) Discussion - Anoop
Aug 23-Aug-19 Intro session for MUM to start collecting the ISO Metrics Discussion - Anoop
BLR (ISO Metrics) Rescheduling Discussion - Anoop
Aug 26-Aug-19 MUM ISO Metrics Rescheduling Discussion - Anoop
Bangalore ISO Metrics Discussion - Anoop
Mumbai ISO Metrics Discussion - Anoop

Findings status discussion and clarification with external auditors

Monthly Metrics review - Anoop

-Soft Dev Metrics and Objectives
-Admin & Facilities Metrics and Objectives
-Compliance Metrics and Objectives
Sep 5-Sep-19 -PMO Metrics and Objectives
Bangalore ISO Metrics Discussion - Anoop - Call scheduling
Sep 10-Sep-19 Mumbai ISO Metrics Discussion - Anoop - Call scheduling
Sep 11-Sep-19 Asset Tagging Discussion Mumbai - Jeetendra
Bangalore ISO Metrics Schedule Discussion - Anoop/Senthil - Call scheduling
Mumbai ISO Metrics Schedule Discussion - Anoop/Senthil - Call scheduling
Sep 19-Sep-19 Pending Activity discussion - Senthil
Sep 20-Sep-19 GDrive access granting discussion - Krishnaji, Anoop, and Senthil
Bangalore ISO Metrics Discus
Monthly Metrics review - Anoop
-Soft Dev Metrics and Objectives
-Admin & Facilities Metrics and Objectives
-Compliance Metrics and Objectives
October 1-Oct-19 -PMO Metrics and Objectives
Bangalore ISO Metrics Discus
Monthly Metrics review - Anoop
-Soft Dev Metrics and Objectives
-Admin & Facilities Metrics and Objectives
-Compliance Metrics and Objectives
October 2-Oct-19 -PMO Metrics and Objectives
Monthly Metrics review - Anoop
-Soft Dev Metrics and Objectives
October 10-Oct-19 -PMO Metrics and Objectives
Monthly Metrics review - Anoop and Lakshman
-Soft Dev Metrics and Objectives
October 11-Oct-19 -PMO Metrics and Objectives
Set of ISO metrics that are required to be collected month-on-month were discussed

-It was decided to create Google form to scale up the metrics collection across many critical projects
(covering both Bangalore & Mumbai centers)
-Meeting has been schedule for Monday Oct 14th for this action item
-Rajesh & Senthil to share ISO Calendar (covering the schedule of Audits, awareness session for new team
in Mumbai, Audit closure dates, etc) so -that we can publish it across Accion leadership team
-Validation of the ISO metrics collected during Q2 and Q3 for certification process to be completed by
Monday and lock it for submission
-Anoop suggested to have a monthly cadence moving forward to iron out any process related challenges
and review the metrics. Monthly recurring meetings will be scheduled by Anoop (last working day of
every month will be ideal for this executive review)
October 11-Oct-19
 Set of ISO metrics that are required to be collected month-on-month were discussed

-Designing Questions for Risk Assessment for Google Form

-Designing Questions for Secure Developmeng Guide for Google Form
-Information Security Risk Assessment Orientation to Anoop
-Quality Security Risk Assessment Orientation to Anoop
October 15-Oct-19 -Rajesh & Anoop decided to discuss risk assessment questions with Senthil
Designing questions for ISO monthly objectives - Risk Assessment - Anoop

ISMS Risk Assessment

1. Are there any changes (addition, modification, deletion) in the assets of your department?2. Are there any changes
(addition, modification, deletion) in the threats and vulnerabilities to the assets of your department?3. Are there any
changes (addition, modification, deletion) in the existing controls to the assets of your department?4. Are there any
changes (addition, modification, deletion) in the probability, impact, risk value, chance of detection, risk ownership to
the assets of your department?5. Are there any changes (addition, modification, deletion) in the risk exceptions to the
assets of your department?

QMS Risk Assessment

1. Are there any changes (addition, modification, deletion) in the process steps of your department?
2. Are there any changes (addition, modification, deletion) in the known & potential vulnerabilities, risk owners, risks
associated with vulnerabilities to the process steps of your department?3. Are there any changes (addition,
modification, deletion) in the probability, impact, risk value, chance of detection to the process steps of your
department?4. Are there any changes (addition, modification, deletion) in the existing controls to the process steps of
your department?
October 23-Oct-19