B M & ASSOCIATES

INFORMATION SYSTEM SERVICES

Business Solutions helps organizations assess their IT needs categorically and identify the most compatible, reliable and robust ERP system. It further ensures the selection of a suitable implementer and monitors the implementation process until it goes live. Apart from the core technical consulting service, we also provide change management workshops for employees for a smooth transition to ERP.

Being "neutral" and not associated with any software or hardware sales, our major advantage is the deployment of multi-skilled resources for system study, process fine-tuning, and preparation of a comprehensive Request for Proposal for software.

We help clients understand the key risks and control issues surrounding ERP systems.

An integrated system carries many technical complexities, because the modules automatically create database entries for each other. To avoid risks to the reliability and availability of data, the ERP system allows flexible configuration, customization and maintenance.

To mitigate the associated risks, a periodic ERP audit addresses the following aspects of the ERP environment:

  • Implementation Review:
    • A high-level, essential practice that validates whether the implementation has been carried out in an optimal manner that supports business needs.
  • Business Audit:
    • Review of the business processes configured in the modules to ensure key controls are in place for modules and components in the ERP system.
  • Module Features Mapping:
    • Review of the features configured in the modules to identify missing features and functions of modules and components.
  • ERP System Security Review:
    • Ensures the system administrative component is properly configured and the system is secured.

Security breaches and attacks mean downtime and unwanted expense for organizations. Keeping up with the latest vulnerabilities and threats requires a considerable amount of time and effort.

An Information Security Audit provides an assessment of the organization's current IT security infrastructure. In this process, security risks and exposures are identified within enterprise policies, processes, procedures, practices, networks, systems and applications. The client gets an outside security review of their environment, which analyzes and measures their level of security against industry standards and best practice.

KEY BENEFITS

  • Assesses vulnerabilities by identifying exploitable configuration weaknesses.
  • Analyzes and ranks exploitable weaknesses based on potential impact and likelihood of occurrence.
  • Provides prioritized recommendations for mitigating or eliminating weaknesses.
  • After conducting these vulnerability assessment services and rectifying the problems, organizations should have a clear understanding that their systems are secured according to the company's policies and practices.
  • Benchmarking the organization's security and reducing downtime: allows the client to see, through comparative reporting, the improvements they have made since previous scans and to keep up to date on the latest vulnerabilities. It also provides detailed instructions on how to prevent events that threaten business continuity and uptime.
  • Detailed and flexible reporting: allows an organization and its members to view and compare reports, gain better visibility of policy compliance, and track the organization's overall security. Reports can be tailored for different audiences, including IT staff, executive management and auditors.

ISO 17799:2005 / BS7799-1:2005: Information Technology, Security Techniques, Code of Practice for Information Security Management, for the implementation of ISMS.

We help clients frame and implement ISMS policy and procedures for the organization, and handhold the organization to get certification under BS ISO/IEC 27001:2005 / BS 7799-2:2005, which is the certification standard for ISMS.

It consists of 11 security control clauses, 39 security categories and 133 security controls. This standard follows the PDCA model for ISMS processes.

The ISMS adopts the following stages to support the organization in emulating the standards and qualifying for compliance and certification.

Plan (Establish the ISMS)

Establish ISMS policy, objectives, processes and procedures relevant to managing risk and improving information security to deliver results in accordance with an organization's overall policies and objectives.

Do (Implement and operate the ISMS)

Implement and operate the ISMS policy, controls, processes and procedures.

Check (Monitor and review the ISMS)

Assess and, where applicable, measure process performance against ISMS policy, objectives and practical experience, and report the results to management for review.

Act (Maintain and improve the ISMS)

Take corrective and preventive actions, based on the results of the internal ISMS audit and management review or other relevant information, to achieve continuous improvement of the ISMS.

ISMS Implementation Services include:

  • Facilitating risk assessment.
  • Facilitating prioritization of risks, selection of controls and risk mitigation.
  • Implementation Support.
  • Certification Support.
  • Post Implementation / Certification Health Check.

DELIVERABLES

  • Information security policies.
  • A comprehensive risk assessment report.
  • Statement of applicability, describing which parts of ISO/IEC 27001:2005 are relevant and applicable to the organization's ISMS.
  • Procedures adopted to implement the controls, including responsibilities and relevant actions.
  • Procedures covering the management and operation of the ISMS.