Adaptive Processes...

Adaptive Processes Capabilities

Version: 15.0

Adaptive Processes Consulting Private Limited

Experience World Class Processes!

ISO 9001:2008 Certified

#51, 3rd

Cross, Church Road,

6th Block Annex, Koramangala, Bangalore – 560095

Tel: +91-9743-21-9990

Email: [email protected]

©This document is the property of and proprietary to Adaptive Processes Consulting Pvt. Ltd.

Contents of this document should not be disclosed to any unauthorized person. This document may not, in whole or in

part, be reduced, reproduced, stored in a retrieval system, translated, or transmitted in any form or by any means,

electronic or mechanical.

mailto:[email protected]

Adaptive Capabilities

Adaptive and Partner Confidential Version 15.0 Page 2 of 50

Table of Contents

1 About Adaptive Processes Consulting ................................................................................................... 4

2 Adaptive Services .................................................................................................................................. 6

3 Adaptive Managed Assurance Services ................................................................................................. 7

4 Benefits of Managed Compliance Services ........................................................................................... 7

10. Multi-model implementation ............................................................................................................. 7

11. Adaptive’s approach to multi-model systems implementation .......................................................... 8

5 Adaptive Training Services ................................................................................................................... 9

6 Adaptive Training Portfolio ................................................................................................................. 10

7 Partial list of our esteemed Clients ...................................................................................................... 13

8 Our Success Stories ............................................................................................................................. 14

9 Sample Client Testimonials ................................................................................................................. 16

10 Adaptive client references whom partner can speak to .................................................................... 16

11 Awards and Achievements ............................................................................................................... 17

12 Our system development approach .................................................................................................. 17

13 Merging of Agile and CMMI ........................................................................................................... 18

14 Proposed high level implementation plan ........................................................................................ 19

15 Proposed Time Line – ISO 9001 ...................................................................................................... 19

16 Proposed Time Line – ISO 27001 .................................................................................................... 20

17 Proposed Time Line – ISO 20000 .................................................................................................... 20

18 Proposed Time Line – CMMI L3..................................................................................................... 21

19 Proposed Project Structure ............................................................................................................... 23

20 Roles and Responsibilities ............................................................................................................... 24

21 Project Risk Management ................................................................................................................ 25

22 Communication Management .......................................................................................................... 26

23 Escalation Management ................................................................................................................... 28

24 GRCPerfect – Project Governance and Compliance System for CMMI ......................................... 29

25 Advantages of GRCPerfect .............................................................................................................. 29

26 GRCPerfect Functional Architecture ............................................................................................... 30

27 Sample Workflows in GRCPerfect .................................................................................................. 30

28 Model Mapping – CMMI ................................................................................................................. 35

29 Modules for Compliance Management (ISO 9001, ISO 27001, ISO 20000) .................................. 43

30 Adaptive Management System ........................................................................................................ 44



31 Employee Services Module.............................................................................................................. 44

32 GRCPerfect Support Mechanism ..................................................................................................... 44

33 Definition of Defect Severities and SLA for resolution (in Working Days) .................................... 45

34 Change Request Implementation ..................................................................................................... 45

35 Adaptive Case Studies ..................................................................................................................... 46



1 About Adaptive Processes Consulting

Adaptive Processes is formed with a view to help organizations establish and improve Quality, Security,

Environment, Health and Safety processes in a faster, better and simpler way. We developed world’s first

database driven Quality and Information Security Management System which has been filed for a patent.

We are also certified for prestigious international standard, ISO 9001:2008 from DNV.

Adaptive is also an official member of NASSCOM – Largest association of IT and ITES organizations in

India. We are in process of becoming an official partner of Software Engineering Institute (SEI), USA.

GRCPerfect, an Enterprise Project Governance, Risk and Compliance Management System, is designed

to help companies implement Quality and Information Security Management Systems. It is extremely

user-friendly, simple, easy to maintain yet very effective. It has pre-built processes for CMMI L3, ISO

27001, ISO 9001, ISO 14001, ISO 20001 and ISO 18001.

Some of the unique advantages and benefits Client will acquire when dealing with Adaptive are:

Commitment to Client success – Adaptive is fully committed to Client’s success in implementing

the project. Client can keep 10% of the project fees as project success fee which will be payable to

Adaptive only upon satisfactory completion of the project.

Spirit of Collaboration

Adaptive believes in close collaboration with our clients for mutual benefit. By partnering with

Adaptive, Client gets full access to world-class personnel, systems and processes that Adaptive has

developed with a cumulative experience above 100 person-years. Adaptive is willing to customize it’s

product (GRCPerfect) to meet Client’s requirements in case Client wishes to implement same. Our

solution is also available to Client as an Open-Code option which enables Client to obtain the source

code of the product with additional fees.

GRCPerfect – Enterprise Project Governance, Risk and Compliance Management System -

Comprehensive CMMI, ISO 27001, ISO 9001 and ISO 20000 Management Tool

GRCPerfect is a comprehensive process implementation support tool. It is fully web-based and has

role permission based access to various modules to manage CMMI Level 3, ISO 27001, ISO 9001

and ISO 20000 and Agile project management activities. GRCPerfect works as a comprehensive

metrics management system for above standards.

Comprehensive Metrics Management System – GRCPerfect works as a comprehensive metrics

management system for CMMI, ISO 9001 and ISO 27001. Future plans to include ISO 20000 and

Agile.

Proven Capabilities – Adaptive has successfully completed over 20 CMM and ISO projects with

cumulative experience of more than 100 person-years. Adaptive has encapsulated all of its learning

and best practices into its implementation methodologies.



Personalized Attention – With Adaptive, you are assured of personalized attention from every

member in Adaptive. We take pride in the fact that almost all our Clients have come back repeatedly

to us for their process improvement needs.

Cost Savings - 50%+ cost reduction over traditional methods of process definition and

implementation due to proven tool kits and process implementation system, GRCPerfect.

Effort Savings - More than 50% effort saving from Client side due to automation of processes and

metrics due to proven tool kits and process implementation system, GRCPerfect.

Time Savings – Minimum 3 months effort savings due to proven toolkits for CMMI, Business

Analysis, ISO 9001, ISO 27001, ISO 20000 and BS 25999 due to proven tool kits and process

implementation system, GRCPerfect.

eLearnings – Adaptive has developed eLearning products in CMMI, Business Analysis, ISO 9001,

ISO 27001, ISO 20000, BS 25999 and Internal Audit for continuous learning and also for awareness

development which will be available to Client at no additional cost.

Ongoing Support - Process sustenance support including complete Quality Process Outsourcing

beyond assessment / certification.

A single partner for multiple frameworks – The complexity of integrating multiple implementation

vendors in any project presents numerous and added challenges and risks. With Adaptive, Client can

rest assured that an end-to-end GRC solution will always be provided under a single umbrella.

Accreditations – Adaptive has been certified against ISO 9001:2008 (www.ISO.org), the

international certification for quality of its products and services from DNV, World’s leading

management systems certification agency (www.DNV.com).

Adaptive is an official member of NASSCOM, www.Nasscom.in, the premier industry association

for Software and BPO companies in India.

Adaptive is an endorsed Education Provider for International Institute of Business Analysis

(www.iiba.org), Canada.

We are in the process of obtaining partnership with Software Engineering Institute

(http://www.sei.cmu.edu/), Carnegie-Mellon University which has developed the CMM framework.

We are also in the process of obtaining partnership with Scrum Alliance (www.scrumalliance.org),

the leading association of Agile practitioners in the world.



2 Adaptive Services

Process Definition

We do rapid process definition using Adaptive Portfolio Management System; an application based

configurable management system which is already compliant to industry leading Quality and Security

standards (CMMI, ISO 9001, Agile, ISO 27001 etc.) and industry best practices.

Process Implementation

We provide complete hand holding to the Client organization to implement processes.

We plan, conduct and report project audit activities, meet training requirements and coordinate with

external agencies.

Process Improvements

We execute Process Improvement Projects using Six Sigma methodology.

Process Trainings

We provide complete gamut of Trainings for our Clients. Our trainings are designed and developed with

extensive experience in software process implementation and consulting. They are designed for various

durations depending on intensity and user community needs.

Adaptive eLearning for CMMI, ISO 9001, ISO 27001, ISO 20000, BS 25999, Business Analysis and

Internal Audit



Adaptive eLearning products are comprehensive eLearning solutions for above mentioned frameworks

with certification tests. This helps various participants in the process improvement journey to understand

core concepts behind the standards/models and also test their understanding.

3 Adaptive Managed Assurance Services

1. Establish required management system (s) (policies, processes, templates, guidelines, checklists,

training materials etc.)

2. Plan and conduct quarterly internal audits and follow-up on closure

3. Plan and conduct quarterly management reviews

4. Plan and co-ordinate external audits

5. Follow up and closure of external audit findings

6. Conduct awareness programs for new joiners on the management system every month

7. Collect and publish quarterly process performance metrics

8. Plan and conduct annual Customer Satisfaction Survey

9. Quarterly update Management Systems (QMS, ISMS, EMS, OHMS etc.) as per processes being

modified

10. Access to Adaptive eLearnings for ISO 9001, ISO 27001, CMMI, Internal Audit, Agile and any

future eLearnings developed by Adaptive

11. Keep customer abreast of any update to implemented standards

4 Benefits of Managed Compliance Services

1. Complete ownership and accountability of process management for QMS, ISMS, ITSM and BCMS

2. Zero fees for GRCPerfect – Adaptive Enterprise Governance, Risk and Compliance Management

System

3. Continual improvement using Lean and Six Sigma

4. Multi-client experience to improve organization’s processes

5. Significantly reduced overall cost

6. Process management system

7. Zero recruitment or training cost

8. Periodic internal audit trainings

9. 20% discounts on Adaptive trainings

10. Multi-model implementation

Adaptive is one of world’s leading multi-model implementation organizations. Adaptive is possibly the

first company in the world to develop a management system and management system deployment system

(GRCPerfect) catering to the requirements of the following standards

1. CMMI

2. ISO 9001

3. ISO 27001



4. Balanced Score Card

5. PCMM

6. BS 25999

7. HIPAA

8. Agile (In progress)

9. ISO 20000 and ITIL (In progress)

Adaptive has implemented following multi-model implementations for its clients:

1. HARMAN – CMMI and ASPICE

2. Infinite Computers - CMMI, Agile, ISO 9001, ISO 27001, Six Sigma

3. Ness technologies – Agile, CMMI, ISO 9001 and ISO 27001

4. Ascendum - CMMI, Agile, ISO 9001, ISO 27001

5. Accel Frontline – ISO 20000 and ISO 27001

6. Cross-domain – ISO 27001, HIPAA and BS 25999

7. Clutch Group - ISO 9001 and ISO 27001

8. MACH – Six Sigma, ISO 9001 and ITIL

9. Proteans Software (Now part of Symphony Services) – ISO 27001 and BS 25999

11. Adaptive’s approach to multi-model systems implementation

1. Always develop systems based on organizational needs – best practices exist to serve the organization

– organization does not exist to serve the best practices

2. Practical approach to solve a business need - Our principal and senior consultants come with

significant software development experience

3. Adaptive has is a software development unit of its own.

4. Integrate Quality, Security, HR Management Systems

5. Develop blended learning with both eLearnings on ISO, CMMI, IIBA frameworks and class-room

based trainings for effective implementation



5 Adaptive Training Services

Adaptive Processes provides complete range of services in GRC and process management area.

Adaptive is an Endorsed Education Provider for International Institute of Business Analysis (IIBA),

Canada (http://tinyurl.com/IIBA-Adaptive-EEP)

More than 100 training with close to 2000 person-days of trainings conducted

Entire spectrum of trainings in project, risk and process management

Courses conducted in Bangalore, New Delhi, Pune, Chennai, Bangkok

Courses attended by participants from USA, UK, Australia, Singapore, Dubai

Extremely good feedback ratings

Candidates can pay online in our e-Commerce portal (http://www.adaptiveecom.com/Products)

Our classes are conducted over weekend to help participants minimize their absence from work

Assistance provided for accommodation in Bangalore

Our program delivery methodology is highly interactive with

1. Conceptual theoretical inputs

2. Practical implementation approaches

3. In-class exercises

4. Role plays

5. Sample quizzes

Adaptive has developed more eLearnings on following subjects. These eLearnings have built in quizzes

to test understandings.

1. CMMI

2. Business analysis

3. ISO 9001

4. ISO 27001

5. ISO 20000

6. Agile and Scrum

7. BS 25999

8. QMS Internal Audit

9. Configuration Management

Our faculties are highly experienced with multiple project implementation experience in CMMI, ISO

9001, ISO 27001, and ISO 20001. They have also carried out more than 100 audits for various clients

such as Infosys, IBM, Siemens, and Zenith Software etc. Our faculties provide areas of improvement for

each participant.



Our handout materials content entire slide deck presentation used by the faculty. It also contains other

useful reference. It contains additional space for writing in-class learnings as well. We have provided one

sample copy for ISO 9001 Internal Auditor program as reference for you.

Sample Training Feedbacks:

1. It was a lot of fun and learning at the same time. Thank to LN and all of you for the wonderful time

together. Lets keep in touch. – Mahesh Shenoy, Founder and CEO, Thoughtnet

2. Thanks for a very informative & interactive training. It will be very useful for us on our roles that we

performing. - Regards, Maruthi Prasad, iSoft

3. Faculty with excellent knowledge – Manoj Nair, Mafoi

4. I would definitely recommend this training to others in Accenture!! - Sukirti Sen, Business

Analyst, Accenture

5. It is highly appreciated and acknowledged that the training was very useful and purposeful.

Special thanks to you to make it interactive and collaborative. - S Balamurugan, Senior

Solution Architect, Unisys

6. Thanks for conducted wonderful session and shared your excellent knowledge with us. I felt

this session was knowledge enhancement for me. Hope it will increase my confidence and

perform my roles well in my projects. - Chandra Sekhar Challa (Value Labs)

7. Thanks for the class it was very interesting and informative. - Sheeja Abraham, Azkonobel

More feedbacks can be viewed at

http://tinyurl.com/Linkedin-BA-feedback

http://tinyurl.com/BA-feedback

Current program details can be found at http://www.adaptiveprocesses.com/training-calender.html

6 Adaptive Training Portfolio

Category Course Name # of

Days

eLea

rnin

g

Primary Audience

Cer

tifi

cati

on

CMMI CMMI for Services 2 Yes Quality Managers, Project

Managers, Team Members

CMMI Introduction to CMMI 2 Yes Quality Managers, Project



for Development Managers, Team Members

CMMI CMM Implementation

Workshop

3 Yes Quality Managers, Project


Software Engineering Good Programming

Practices

0.5 Developers

Software Engineering Introduction to

Software Quality

0.5 Quality Professionals

Software Engineering Requirements

Management

1 Business Analysts, Project

Managers

Software Engineering Software Engineering

Principles

1 Quality Managers, Quality

Professionals, SQA, Project

Managers, Team Leads

Software Engineering Introduction to

Software QA

3 Quality Managers, Quality

Professionals, SQA

Software Engineering Software Reviews 0.5 Quality Managers, Quality



Software Engineering Software Testing

Principles

0.5 Testers, SQA, Project


Software Engineering Software Metrics 0.5 Quality Managers, Quality



Software Engineering Statistics for Project

Managers

0.5 Project Managers, Team

Leads, Quality Managers

Software Engineering Statistical Process

Control


Leads, Quality Managers

Software Engineering Quality and Security

Introductions

0.5 Developers

Project Management Introduction to MS-

Project

1 Project Managers, Team

Leads

Project Management Project Management

Basics

2 Project Managers, Team

Leads

Project Management Prograrm Management 3 Program Managers, Project

Managers

Project Management Certified BPO Team

Lead

3 BPO Team Leads Yes

Project Management Stakeholder

Management


Leads

Risk Enterprise Risk

Management

1 IT Managers, IT

Professionals, Quality

Managers

Risk Certified Risk Analyst 2 IT Managers, IT


Managers

Yes

Agile Certified Agile

Practitioner

2 Yes Project Managers, Team

Members

Yes

Agile Introduction to Agile

and Scrum

1 Yes Project Managers, Team

Members



Biz Analysis Certified Business

Analyst

3 Business Analysts, Project

Managers

Yes

Biz Excellence Integrated

Management Systems

1 Quality Managers, SQA

Biz Excellence Continual

Improvement Tools

and Techniques

1 Quality Managers, SQA

BS 25999 Business Continuity

Management

1 Yes IT Managers, BCM

Professionals

BSC Balance Score Card 1 Quality Managers, SQA

CoBIT Introduction to COBIT 2 IT Managers, Quality

Managers

Excel Excel for Executive

Managers

1 Managers

ISO 14001 Introduction to ISO

14000 (EMS)

1 Facility Managers, Quality

Managers


18001 (OHS)

1 Facility Managers, Quality

Managers

ISO 27001 Certified ISO 27001

Internal Auditor and

Implementer

3 Yes Quality Managers, Project


Yes


Implementer

2 Yes IT Managers, IT


Managers

Yes


Internal Auditor



Managers

Yes


27001:2005



Managers


Internal Auditor

2 Yes Quality Managers, SQA,

Internal Auditors

Yes


9001:2008


Internal Auditors, Project

Managers


Internal Auditor and

Implementer


Internal Auditors, Project

Managers

Yes

Six Sigma Six Sigma Green Belt 3 Quality Managers, Quality





7 Partial list of our esteemed Clients



8 Our Success Stories

CMMI

IBM Global Services India – Implementation and sustenance of CMMI Level 5

Infosys Technologies – Implementation and sustenance of CMMI Level 5

IGate Corporation – Implementation and sustenance of CMMI Level 5

Implementing CMMI L3 at Ascendum Solutions

Infinite Computers (GRCPerfect Implementation and QMS Definition for CMMI v1.2 Level 5

implementation)

Turning Point (GRCPerfect Implementation and QMS Definition for CMMI v1.2 Level 3

implementation)

AXA Group Solutions (CMMI L3 implementation Support)

Manhattan Associates (CMMI Training)

OTIS Software (CMMI Training and Gap Analysis)

ISO 27001:2005

AccelFrontline (Implemented ISO 27001 and ISO 20001)

Zenith Software - Completed ISO 27001 certification

JuriMatrix (Clutch group) – Completed ISO 27001 certification

People Tech Group – Completed ISO 27001 certification

Crossdomain - Implemented ISO 27001

Photon Infotech – ISMS system definition

Proteans – ISMS system definition

Metlife – ISO 27001 Pre-certification Audit

Tusker Legal Process Outsourcing - ISMS definition as per ISO 27001

Ness Technologies – ISO 27001 Internal Audit Training and Co-ordination

Management Systems Outsourcing

EmPower Research

V2Soft

Ness Technologies

MACH Teledata

ISO 9001:2008

Clutch Group, Leading LPO player in the world



Empower Research, leading KPO organization in India (Completed ISO 9001 implementation)

Ness Technologies India, part of Largest Israeli IT company (ISO 9001 and CMMI

implementation)

Vati Consulting, Premier Recruitment Process Outsourcing and HR Consulting Firm (ISO 9001

implementation)

Vana Solutions, High-tech solutions provider (ISO 9001 and CMMI implementation)

INSZoom, World’s Leading Immigration Management Software Products organization

Bang (SQA Support)

ObjectWin (SQA Support)

ITIL / ISO 20000

Accel Frontline

MACH Teledata

OnMobile, leading Mobile Value Added Service Provider

HIPAA

Crossdomain – India’s leading Payroll Services organization

Six-Sigma

AkzoNobel – World’s No.1 paint manufacturer

Multinational Automated Clearing House (MACH), World Leader in roaming solutions

Internal Audit Services

Metlife Insurance

Textron

Training

Manhattan Associates, World Leader in Supply Chain Management (CMMI Training)

Mafoi Consulting

Triumph Software Services

OTIS Software

Unisys

Sanovi

QMS Reengineering

Ness Technologies

Infinite Computers



9 Sample Client Testimonials

I would like to thank you (LN) and your team on behalf of ZSL management team for helping us in

getting the successful ISMS assessment audit by DNV. I am confident that your APMS tool will help us

in minimizes our effort in managing Information Security. We thoroughly enjoyed working with you and

look forward to work together for our future endeavors.

- R Natarajan, Chief Operating Officer, Zenith Software Ltd

I find it very easy to do business with you. Thank you for the contribution to our system. We have a great

and open working relationship. We really respect your contributions in helping our organization.

- Puneet Chaddha, Former Head-Delivery, Ness Technologies

Adaptive has been prompt and fast in responding to our requirement, I am extremely happy with their

people competence, and range of service provided. Adaptive would be my obvious choice for any of our

process need. I would recommend this team to my circle.

- SK Mishra, Head-Quality, Infinite Computer Solutions

Adaptive responded to all our requirements immediately. Their service was very good and satisfying. I

appreciate Adaptive resource commitment and hard work. He was very helpful and always ready to go

extra mile to help us out.

- Ruhi Sharma, QA-Director, Arctern Consulting Pvt. Ltd.

10 Adaptive client references whom partner can speak to

Client Name and

Location

Contact Person, Number Products and

Services rendered

Period

Infinite Computers,

Bangalore

SK Mishra

SVP and Head-Quality and Compliance

[email protected]

+91-98450-82566

GRCPerfect

ISO 9001, ISO

27001, CMMI and

Agile

On going

from 2008

Cross-domain

Solutions,

Bangalore

Gobinda Chandra Patra

Head-IT

[email protected]

+91-98454-94113

GRCPerfect

ISO 27001

HIPAA

May 2010

Zenith Software

and BPO

Bangalore

Ramakrishna Udupa

Head-Quality

[email protected]

+91-94492-85553

GRCPerfect

ISO 27001

Ongoing

from Oct

2009

People Tech Group

Bangalore

Mandar Diwan

Head - Delivery

[email protected]

+91-99010-36192

GRCPerfect

ISO 27001

Dec 2009

Ascendum

Software

Narasimha Murthy

Head-Delivery

[email protected]

+91.96633.09374

CMMI and ISO

9001

Aug 2011



Ness Technologies

India Bangalore

Satydarshi Mishra

Senior Director

[email protected]

+91-98453-15097

ISO 9001, ISO

27001, CMMI and

Agile

Oct 2006 to

Oct 2009

Accel-Frontline,

Chennai

Ravi Madhavan

Head-MSOC

[email protected]

+91-95000-92359

ISO 27001 and ISO

20000

June 2010

11 Awards and Achievements

Member of NASSCOM

ISO 9001:2008 Certified from DNV on the first year of operation

Winner of Most Innovative Company Award from Pan IIT-IIM Alumni Forum

Certified Microsoft BizSpark Partner

Nominated for prestigious Tata NEN Hottest Start-up

12 Our system development approach

We believe that the Client can benefit significantly implementing best practices available in the industry

such as CMMI for Development, CMMI for Services, Agile, ISO 9001, ISO 27001, ISO 20000 and BS

25999. We have helped our Clients to develop integrated management systems taking inputs from CMMI

for Development, CMMI for Services, Agile, ISO 9001, ISO 27001, ISO 20000, BS 25999 and HIPAA.

Some of the basic principles we follow while designing the system are:

1. The system shall be as simple as possible

2. System shall be designed in layered architecture

3. Maximum possible re-use of existing documentation and practices

4. Usage of terms as practiced in the organization

5. Systems shall be made role-specific

6. Looking at the organization as a wholesome entity

7. Integrated Quality, Security, HR Management System

8. Simple systems

9. Integrated data management system

10. Cross-functional teams

11. Regular feedback from all stakeholders regarding process expectations and performance against them

12. Make policies and processes role and context based

13. Tailor processes as per complexity

14. Integrating all audits



15. eLearnings

Adaptive’s GRCPerfect comes pre-built with processes for CMMI for Development, CMMI for Services,

Agile, ISO 9001, ISO 27001, ISO 20000 and BS 25999.

Client Existing System Inputs

Project Management Experiences

=

Client QMS

Plus

Adaptive Experiences Inputs

Plus

Best Practice Inputs

13 Merging of Agile and CMMI

Adaptive has helped many of its Clients to integrate their processes for both Agile and CMMI (Infinite,

Ness etc.). The proposed Principal Consultant for the project is also a Certified Scrum Master who has

helped many Clients adopt Agile principles (Ness, Wipro, Infinite etc.).



14 Proposed high level implementation plan

15 Proposed Time Line – ISO 9001

Activity Primary Secondary Start Wk End Wk

Project Kick-off and Core Group identification Partner Adaptive 1 1

Understand Current processes and systems Adaptive Partner 2 3

Core group orientation Adaptive Partner 3 3

QMS Manual Preparation Adaptive Partner 3 3

QMS Manual Review and update Adaptive Partner 4 4

QMS Process Definition Partner Adaptive 4 8

QMS Process Review and update Adaptive Partner 6 8

User Awareness Training Partner Adaptive 9 9

Implementation 1 Adaptive Partner 10 14

Metrics collection Adaptive Partner 15 15

Internal Audit Partner Adaptive 16 16

Management review Partner Adaptive 16 16

Closure of Internal Audit Findings Adaptive Partner 17 18

Implementation 2 Partner Adaptive 19 22

Closure of Internal Audit Findings Partner Adaptive 23 24

Document Review Partner,

External

Auditor

Adaptive 24 24

Closure of Documentation Review Findings Partner Adaptive 25 25

Certification Audit Partner, Adaptive 26 26



External

Auditor






ISMS Policy, SoA definition Adaptive Partner 3 4

ISMS Manual Preparation Adaptive Partner 4 4

ISMS Manual Review and update Adaptive Partner 4 5

Department Wise Infosec Policy Definition Partner Adaptive 5 6

Policy review and update Adaptive Partner 6 6

ISMS Process Definition Partner Adaptive 7 9

ISMS Process Review and update Adaptive Partner 9 10

Business Continuity Planning Partner Adaptive 11 11

Vulnerability assessment and penetration

testing (VAPT)

Adaptive Partner 12 12








Business Continuity Planning and testing Adaptive Partner 23 23

Fire Drill Exercise Partner Adaptive 23 23



External

Auditor

Adaptive 26 26


Certification Audit Partner,

External

Auditor

Adaptive 30 30

Closure of certification audit findings Partner Adaptive 31 32








SMS Manual Preparation Adaptive Partner 3 3

SMS Manual Review and update Adaptive Partner 4 4

SMS Process Definition Partner Adaptive 5 9

SMS Process Review and update Adaptive Partner 9 10

Service Continuity Planning Partner Adaptive 11 11








Service continuity testing Adaptive Partner 23 23



External

Auditor

Adaptive 26 26


Certification Audit Partner,

External

Auditor

Adaptive 30 30

Closure of certification audit findings Partner Adaptive 31 32

18 Proposed Time Line – CMMI L3

Activity Week Responsibility

Start End Primary Secondary

Plan for CMMI Implementation 1 8 Adaptive Client

Secure Sponsorship and Funding 1 2 Client Adaptive

Core Team Training 2 2 Adaptive Client

Understand current processes and systems 2 4 Adaptive Client

Conduct gap analysis 4 4 Adaptive Client

Suggest data infrastructure 5 8 Client Adaptive



Define Policies and Processes 5 10 Adaptive Client

Progress review 10 10 Client Adaptive

Implementation Cycle 1 11 21 Client Adaptive

Train all project members on CMMI 11 18 Adaptive Client

Identify FAR groups 12 13 Client Adaptive

Conduct practice implementation review 12 15 Adaptive Client

Implement QMS 11 20 Adaptive Client

Review of progress 21 21 Client Adaptive

Internal Assessment 22 29 Adaptive Client

Identify Assessment Team Members 22 22 Client Adaptive

Develop Assessment Plan 22 22 Adaptive Client

Prepare assessment questionnaires 22 23 Adaptive Client

Conduct Assessment 24 25 Adaptive Client

Present Findings 26 26 Adaptive Client

Close internal assessment findings 26 28 Client Adaptive


Pre-Appraisal 30 32 EA Client

Intro to CMMI training and Pre-Appraisal by Lead

Appraiser

30 30 EA Client

SCAMPI Training(Overview) by LA (2-one day

session )

30 30 EA Client

Gather Data 31 31 EA Client

Reporting Results 32 32 EA Client




Implementation Cycle 2 33 36 Client Adaptive

Close gaps identified during Pre-appraisal 33 34 Client Adaptive

Improve and release new version of QMS 33 36 Adaptive Client

Final Appraisal / Audit 37 44 EA Client

Final Appraisal 37 38 EA Client

Close appraisal findings 39 44 Client Adaptive

19 Proposed Project Structure



20 Roles and Responsibilities

Role Name Job Description

Client Representative Obtain consensus among various stakeholders

Execute projects on time, within budget, adhering to quality standards

Managing all deliverables of the project

Responsibility for team and team direction

Set project standards

Regularly interact with Senior Management

Defines and allocates project tasks

Adaptive Principal

Consultant

Works closely with the Client process manager

Provides inputs on standard requirements

Conducts trainings

Participates in key management reviews

Provides guidance to team on implementation

Adaptive Senior

Consultant

Understands current processes and updates the same for standard

Conducts practice implementation reviews

Participates in internal and external assessments

Assists Project Managers on process implementation

Reviews metrics data

Client SEPG Core

team

Provides inputs on current processes and updates the same for standard

Conducts practice implementation reviews


Assist Project Managers on process implementation

Review metrics data

Adaptive Consultant Assists Adaptive Senior Consultant

Updates processes for standard



Follows-up on practice implementation reviews


Assist Project Managers on process implementation

Assists Project Managers to collect metrics data

21 Project Risk Management

A steering committee shall be formed between Client and Adaptive. The steering committee is proposed

to have following members:

Client Delivery Head

Client Representative

Client Quality / IT Team

Adaptive CEO

Adaptive Principal Consultant

This Steering Committee shall meet at least once in month or as needed to discuss project progress, risks,

issues, and resource requirements.

The major risks associated with the project will be identified, and relevant interventions made to contain

them. The risk items shall be prioritized and monitored accordingly on a continual basis, and corrective

action taken, when necessary.

Adaptive is aware of the various risk factors associated with the assignment, the impact of the risk

factors on the project schedules and the quality and the measures to control and manage the risk factors

are identified. The objective of the planning shall be to highlight the risk factors, analyze the impact of

the risks on project execution and identify strategies to control and minimize the impact of the risk

items.

The table below lists the potential risks that Adaptive foresees in this project along with suitable

mitigation plans.

Risk Probability Mitigation plans

Delay in review and

approvals

Medium - Steering committee to look into the same in every

meeting

- PM to track on weekly basis

Availability of Client

resources

Medium - Client and Adaptive will jointly plan for the resource

requirements. This planning should be done at the start of

each phase and resources required should be informed in



Risk Probability Mitigation plans

advance for availability.

- Adequate adjustments need to be made in the project plan

to accommodate any resource conflicts

Loss of skilled

manpower

Medium - Ensure that important knowledge is documented, as well

as spread across more than one person in the team.

- Shadow resources at Adaptive

Delay in selection of

assessment body


meeting


Delay in decision on

metrics management

system


meeting


Long leave taken by


Medium - Identify this from beginning and if there is any such

possibility, identify back-up Client process manager from

beginning

22 Communication Management

Client project manager is the single point of contact for all project-related information within the project

framework. For issues that need to be escalated beyond the Client project manager, escalation

mechanisms for this engagement have been drawn and detailed under the heading “Escalation process”.

Client PM is responsible for the program management in aspects relating to Adaptive. This includes

communicating and coordinating with third parties like the hardware/software vendor, and the network

provider, as applicable.

Adaptive provides Client access to its internal project management tool which is hosted in a Client

environment to view status of the progress of the project. The application also allows Client to obtain

weekly and monthly status reports for the project.



The modes of formal information for the project would be weekly and monthly project review meetings.

The recommended hierarchy of management meetings for the purpose of overall project monitoring and

control is tabled below:



Level Description Frequency Key Members

1 Project Steering

Committee Meeting

Once every month Client Delivery Head


Adaptive CEO


2 Project Status

Review Meeting

Weekly Client Representative

Client Quality / IT Team


Adaptive Senior Consultant

Adaptive Consultant

23 Escalation Management

The following table outlines the Escalation flow and the people involved in the project:

Escalation

Criteria

First Level Timeline for

Escalation

Second Level Timeline for

Escalation

Delays in getting

approvals

Adaptive Senior

Consultant to

Client PM

Delay of 3

working days

Adaptive Senior

Consultant to Client

Program Manager

Delay of 5

working days

Slippage in project

schedule

Adaptive Senior

Consultant to

Client PM

On weekly

reporting basis

Adaptive Senior

Consultant to Client

Program Manager

On weekly

reporting basis

Slippage in

Delivery

Milestones

Client PM to

Adaptive Senior

Consultant

Delay of 3

working days

Client PM to Adaptive

- Head of Engagement

Delay of 5

working days

Work quality

Issues

Client PM to

Adaptive Senior

Consultant

Weekly Client Program

Manger to Adaptive -

Head of Engagement

If not resolved

by Senior

Consultant



24 GRCPerfect – Project Governance and Compliance System for CMMI

GRCPerfect is an Enterprise Governance, Risk, and Compliance Management System. It is designed to

help companies implement Governance, Quality, and Information Security Management Systems in an

integrated manner. It is extremely user-friendly, simple, easy to maintain yet very effective. It has pre-

built processes for CMMI Level 5, ISO 27001, and ISO 9001. GRCPerfect is a complete data

management system for CMMI Level 5, ISO 9001, and ISMS. Some of the key aspects captured are

Complete Program and Project Planning and Tracking supporting CMMI, ISO 9001 and Agile

Schedule, Defect, Effort, Risk, Issue, Change Requests, Quantitative Process Management, Sub-

Process Metrics and other 40+ data capture needed by CMMI, ISO 9001 and ISO 27001

Supports workflow for approvals in Time Sheet, Requests

Complete role-based permissions for data confidentiality and integrity

Multi level view – From Organization to Account to Project

Status and Metrics reports generated automatically from the system

Built on industry standard Microsoft SQL Server and .Net

Completely web-enabled and does not require any installation on user machines

Light-weight interface making it suitable to work on internet

Incorporates requirements of Quality and Security standards such as CMMI, ISO 9001 and ISO

27001

Best practices drawn from internationally renowned organizations

Substantially reduced time and effort in model adoption and implementation

Enables complete context and role based view of policies and processes

Configurable to company’s requirements

Available to the Client as an Open-Code option which enables Client to obtain the source code of the

product with additional fees

25 Advantages of GRCPerfect

Senior Management and Client visibility into Organizational, Account and Project level performance

parameters

Improved data and metrics integrity, thus helping in better decision making

Significant help in ongoing process sustenance beyond audit and assessment

Complete automation of project management artifacts and reporting – significant savings on

management effort



26 GRCPerfect Functional Architecture

27 Sample Workflows in GRCPerfect











28 Model Mapping – CMMI

Legend

Fully Supported Not supported

Partially supported Not a data requirement

Model requirement GRCPerfect module Process

compliance

Data

compliance

Project planning Schedule



Project monitoring and control Executive dash board + reports

Configuration management Not supported

Process and product quality

assurance

Audit management

Measurement and analysis Schedule, defect, risk + reports

Supplier management Vendor master

Requirements management Change request management

Requirements development Product backlog

Traceability matrix

Technical solution Engineering output

Product integration Engineering output

Verification Review, test case management

Validation Test case management

Decision analysis and resolution

(DAR)

Pugh matrix (DAR) module

Integrated project mgmt Minutes of meeting

Action item tracking

Risk management Risk

Organizational process definition Process asset library

Organizational process focus Not a data requirement

Organizational training Training management

Organizational process

performance

All data management modules

Quantitative project management Sub-process metric



Causal analysis and resolution Root cause analysis

Organizational innovation and

deployment

Continual improvement request

Project life cycles

28.1 Model Mapping for ISO 27001


compliance

Data

compliance

Establishing and managing the

ISMS

No data requirement

Documentation requirements No data requirement

Management commitment Management review meeting

Skill gap analysis

Training management

Resource management Capacity planning

Internal ISMS audits Audit management

Management review of the

ISMS

Management review

Isms improvement Continual improvement

Security policy No data requirement

Security organizations No data requirement

Asset classification and control Asset master

Personnel security Training compliance

Physical and environmental

security

Visitor management

Communications and

operations management

It checklists

Access control Access control matrix

Systems development and

maintenance

Security review checklist

Security incident management Incident tracker

Business continuity

management

Business impact analysis

Supplier contacts

Employee contacts

Compliance Audit management





compliance

Data

compliance

Quality Manual Adaptive Management System

Control of Documents Document Control Matrix

Control of Records Record Control Matrix

Quality Objectives Metrics reports

Quality management system

planning

Schedule

Responsibility and authority Schedule

Management representative Not a data requirement

Internal communication Action Item Tracking

Management Review Minutes of Meeting

Action Item Tracking

Competence, awareness and

training

Employee Skill Profile

Training Master

Skill gap analysis (In Progress)

Requirements Estimation

Review

Design and development

planning

Schedule

Design and development review Review

Verification Test Cases

Validation Test Cases

Purchasing Supplier Evaluation

Customer Satisfaction In progress

Internal Audit Audit planning and reporting

Monitoring and measurement of

processes

Metrics reports

Monitoring and measurement of

products

Metrics reports

Continual improvement Root cause analysis (In progress)





compliance

Data

compliance

Management responsibility Adaptive Management system

Governance of processes

operated by other parties

Minutes of meeting

Action item tracking

Documentation management Adaptive Management system

Resource management Staffing master

Task management

Establish and improve the SMS Continual Improvement Request

Plan new or changed services Schedule

Design and development of

new or changed services

Schedule

Transition of new or changed

services

Schedule

Service level management Schedule

Service reporting Dashboards and reports

Service continuity and

availability management

Asset level risk and continuity plan

Budgeting and accounting for

services

Not supported

Capacity management Capacity planner


Information security

management

Asset Risk Analysis

Business relationship

management

Not supported

Supplier management Supplier master

Supplier evaluation

Incident and service request

management

Incident Reporting

Service Request

Problem management Root cause analysis

Configuration management Not supported

Change management Change management

Release and deployment

management

Schedule

28.4 List of Modules for ISO 27001 Implementation

# Module Name Key Features

1 Asset Management Asset Master including Allocation, Movement and Component tracking



Asset Service Records

2 Risk Management Threat and Vulnerability analysis

Automated Risk Analysis and Treatment Plan

3 Impact Analysis Business Impact Analysis

4 Statement of

Applicability

Definition of controls as per ISO 27001

5 Access Control

Matrix

Defining various permissions for information assets

6 Capacity Planner Define Capacity Requirements and Availability

7 Incident

Management

Incident Tracking

Allocation of Incidents

8 Material Movement Material Movement Tracker

9 Visitor Management Visitor Tracker

10 Critical Contacts Critical Contact Management

11 Audit Management Audit Planning and Audit Reporting

12 Management Review

Meetings

Auto-generation of Management Review Agenda as per ISO 27001


13 Training

Management

Plan and tracking of QMS / ISMS Trainings

14 QMS / ISMS Quiz

Management

Plan and track results of QMS / ISMS Trainings

15 Root Cause Analysis

Capture Root Cause Analysis

28.5 List of Modules for Project Governance Management System (CMMI)


1 Executive dashboard Provides 5 key metrics performances of all projects in a single page

(Schedule, Defect, Effort, Risk and Compliance)

Senior management can drill down to any project where there are

issues

2 Size and Effort

Estimation

Supports Function Point, Use Case Point and Complexity based

estimation

Supports approval mechanism

Module and Phase-wise distribution

Size variance analysis



Integration with Schedule (Planned)

3 Organizational Risk

Master

Provides a master list of risks for projects

Project managers can inherit risks to their projects from Org Risk

4 Decision Analysis

and Resolution

Provides pre-built DAR templates

Organization can add more custom templates

5 Key Performance

Indicator

implementation

Provision for defining various KPI parameters

Different KPI parameters can be set for different types of projects and

functions

Can be summarized at higher level

6 Project Overview Captures project characteristics, project stakeholders and objectives

Helps understand risks, issues and defects at organization level wrt

project characteristics

7 Schedule

Management

Define custom project life cycles

Allows auto-creation of Work Breakdown Structure

Schedule import from MS-Project

Integrated reviews checklist and creation of defects

Schedule allocation notification

Integrated test cases and creation of defects

Integration with Defects, Issues, Change Requests Module

Integrated with time sheet for effort capture

8 Defect Management Enables orthogonal classification of defects

Capture of defect history

Defect Allocation notification

Can be imported through Excel

Integration with schedule and time sheet

Supports orthogonal classifications

9 Risk Management Captures Risk History with Mitigation and Contingency Plan



Computation of Risk Prioritization Number

Risk Allocation notification

Integration with schedule

Integration with Org. Risk Management Module

10 Issues/Action Items Captures Issues / Action Item Details

Issue/Action Item Allocation notification


11 Change

Management

Captures Change Requests Details


12 Time sheet Weekly Time Sheet

Integration with schedule for planned tasks

Provision to capture un-planned tasks

Time sheet approval

Ability to capture data from two different perspectives – Metrics and

Billing

13 Minutes of Meeting Captures meeting agenda, decisions taken

Integration with Action Item Tracking

14 Quantitative Process

Management

Define Project Metrics

Milestone-wise metrics data capture

15 Sub-Process Metrics Set Statistical Process Control Limits

Verify if measures fall within control limits

16 Reports More than 50 standard reports

Dashboards for Schedule, Risk, Defects and Issues

Defect Trend

Risk Trend

Weekly and Monthly Status Reports

Audit Findings Summary etc.



29 Modules for Compliance Management (ISO 9001, ISO 27001, ISO 20000)


1 Process

Implementation

Indicator Database

(PIID)

Pre-built Process Implementation Indicator Database for CMMI

Assessment

2 Audit Management Audits Planning and Tacking of Internal Auditors

Audit Reporting and Tracking

Non-conformity analysis wrt internal policies and processes and also the

standards

3 Training

Management

Training Plan, Training Attendance and Feedback capturing

4 Management

Review Meetings

Auto-generation of Management Review Agenda


5 Vendor Management Vendor Master including Vendor Evaluation

6 Appraisal Employee Appraisal Management

7 Root Cause Analysis Capture Root Cause Analysis

8 Org. Process

Repository

Captures qualitative data on organizational process performance

9 Continual

Improvement

Request

Capture Process Change Requests

10 CMMI Quiz

Management

Plan and track results of CMMI Trainings

11 CSAT Survey Plan and capture data for Client Surveys

12 Employee Data

Management

Employee Education, Skill, Competency mapping

Skill gap analysis based on organizational roles and skill matrix



30 Adaptive Management System


1 Software life-cycles 8 comprehensive software life-cycles – Agile, Waterfall, Maintenance,

Support, Reengineering, Porting, Package Implementation and Testing

2 Processes 50+ comprehensive processes and procedures for Delivery, HR, IT and

other functions

3 Process Artifacts 500+ standardized process artifacts for CMMI, ISO 27001 and ISO 9001

4 eLearning Contains eLearning on CMMI, ISO 27001, ISO 9001, Internal Audit,

Configuration Management and Agile

5 Model Support Complete support to CMMI, ISO 27001, and ISO 9001. Will be upgraded

soon for ISO 20000 and COBIT.

31 Employee Services Module


1 Employee Directory Can see company employee information

2 Leave Apply leave

3 Request Tracking Request for any service

4 Improvement

Request

Suggest process improvement requests

5 Incident Tracking Report incidents

6 Attendance Attendance system integration

32 GRCPerfect Support Mechanism

Any defect arising out of Adaptive Product design and development will be serviced free of cost by

Adaptive over the life of the product. Following aspects will be considered as Defects

1. Application not being usable due to design / coding deficiencies

2. Any wrong calculation logic or report

3. Validations which are considered industry accepted practice



Rest will be considered as Change Requests. Defects / Change Requests should be submitted by email to

[email protected]. Defects and Change Requests will be classified as per the definitions

provided below.

33 Definition of Defect Severities and SLA for resolution (in Working Days)

Severity Definition SLA for

Response

SLA for

Resolution

1 Disastrous – system cannot be used without corrective action

being taken

4 Hours 1 Day

2 Major – system can be used with major functional restrictions 1 Day 1 week

3 Minor – system can be used with minor functional

restrictions

2 Days Quarterly

Release

4 Cosmetic – system can be used with full functionality 2 Days Quarterly

Release

34 Change Request Implementation

Priority Definition Estimated Effort (Person-

Hour) (PH)

SLA for

Implementation

1 Has legal or revenue implications

< 16 1 Week

16 to 40 2 Weeks

40 to 160 4 Weeks

> 160 Case by case basis

2 Has implications for organizational

audit/assessment/Senior

Management reporting

< 16 2 Weeks

16 to 40 4 Weeks

40 to 160 6 Weeks


3 All others < 16 2 Weeks



16 to 40 6 Weeks

40 to 160 8 Weeks


35 Adaptive Case Studies

35.1 Case study 1 - Improvement of SLA adherence for a leading telecom roaming solutions

partner

Background

Client is the leading Data Clearing House, operating in Telecom sector. Each of the telecom operators

send files containing call records to their Roaming Partners, when the latter’s end user uses the operator

network for connectivity. These files are sent to Client and who in-turn does various levels of validation

including the Tariff check which is one of the first processes to be checked. These files have to be send to

the respective operator within a period of 10 days.

Tariff check happens before any other checking and any delay in this process will lead to a Bull-Whip

Effect causing delays in all other processes. This delay, if over 10 days, can lead to monetary loss for the

client.

Challenges faced by the client

High volume of tickets = Around 400-500 per day

Dependency on information from External Entities

Internal SLA of 3 days – including weekends and other holidays

Highly fluctuating value of the file, that may range from zero of several hundred dollars

Similar amount of effort required for treating files

No existing measurements of tracking system in place

Adaptive Solution

Adaptive studied the ticket resolution process and through statistical analysis found that the prioritization

rule followed in the project and modified the same.

Files treatment got prioritized based on associated monetary value, hence in the event of a Client liability,

the amount incurred would be comparatively lesser.



Results

Prior to the project

Post Project

The response time has come down – with 94% of files being treated with 1.5 days and only 0.15% going

beyond internal SLA. This means that the other teams also have sufficient time even if the files are

stopped for other types of errors.

35.2 Case study 2 - Multinational IT Services Organization

Domain: Software Development

Employee Strength: 7000-8000

Standard: ISO 9001 /ISO 27001/Project Reviews/Process Automation

Company Brief:

Organization is a global IT services provider working in software product engineering, enterprise

application integration, software distribution, outsourcing, or turnkey application development.

Client wanted a reliable Process consulting organization which will provide comprehensive SEPG, SQA,

CMMI Level 3 and ISO 27001 support

Challenge:

11127.35

2492.812924.78

17091.76

3319.241959.48

11801.89

1500.03299.64

11459.62

3739.88

467.18

16575.32

6373.17

496.29

14821.70

5383.16

2305.79

16366.18

5708.89

333.29

18307.80

4704.55

263.65

9392.63

2182.99

74.65

10545.23

961.8724.250

5000

10000

15000

20000

APR MAY JUN JUL AUG SEP OCT NOV 1st-15th

DEC

15th-

31st DEC

Analysis based on value of the Treated Files ( In K-SDR)

Within 1.5 Day's Within 1.5 -3 Day's More than 3 Day's



With continued growth in their business, the organization needed to adopt a comprehensive approach to

managing its SEPG, SQA, CMMI Level 3 and ISO 27001 initiatives through a single system that supports

the needs of organization and leverage technology for sustainability, consistency, efficiency and

transparency across different verticals

Their existing system for managing documentation, risk, controls and reporting of internal controls had a

number of limitations including:

Risk Management was weak

Disparate project management methodologies and tools across EDCs

Each EDC was becoming an island of excellence without sharing best practices and learnings across

the organization

Organizational QMS was highly unstructured, in most cases in-complete

Many processes were missing to execute projects successfully

Processes remained in peoples’ memory and laptops

Very little usage of organizational QMS

Inconsistencies in project execution across EDCs

Organization not benefiting from the engineering and project management maturity those were

present in the EDCs

People transition used to create a drop in process performance

Project Based QMS:

No mechanism sharing project information to be provided to all team members

No structured induction method

No estimation method

Significant % of team were freshers

These limitations significantly needed to be taken care for governance, compliance and risk management

requirements such as ISO 9001, ISO 27001. The team realized that they needed to replace their current

system with a next-generation solution that provided a comprehensive platform for internal controls to

support effective CMMI Level 3 and ISO 27001 management

Solutions:

After detailed evaluation and understandings of current organizational processes, based on the

understanding client’s processes and their gap for effective quality system management, a comprehensive

solution was provided to the client, which included process definition, training, implementation, project

reviews, internal audits and external audit support.

Comprehensive risk management and project review parameters were defined based on which all

EDCs reviewed there projects monthly

Standardized all organization’s processes to bring uniformity in process conformance activities across

all ODCs in the organization

Re-engineered complete QMS : 50+ processes and 100+ templates standardized

Obtained best practices from all EDCs and published standardized processes

Defined complete processes including all Project Management and Engineering artifacts



Developed project intranet based on open-source Twiki platform which is updated periodically

All new team members trained in all project processes and tools

Developed estimation method for future iterations

Organization wide training for effective implementation was provided to employee (including project

reviews, incident management, risk management and role based system)

Systematic and consistent audit process across different verticals in the organization was defined

An effective CSAT process was developed

Benefits:

Process Automation: By automating the compliance management processes the organization has

dramatically reduced the time being spent by staff members, IT Manager, and senior managers on CMMI

Level 3 and ISO 27001 related activities.

Consistent Process: Adaptive brought about a consistent process across the enterprise, eliminating any

deviations and error eliminating the cost and time associated with repeated processes and multiple checks.

Project Review: Monthly project reviews helped the organization to identify problems in the projects

early in the life which helped them in effective project management

Customer Communication: Periodic CSAT helped the company to understand client paint points and

take corrective actions on the same

Stakeholder Appreciations: Current QMS highly appreciated both internally and by external auditor

Collaboration: Employees are able to carry out team activities in a productive manner with the

collaborative environment that the improved system provided.

Resource Utilization: With the entire compliance process streamlined and automated with the adaptive

support, the organization can better utilize its resources.

35.3 Case Study 3 – Large Financial BPO Organization

Domain: BPO (Insurance)

Employee Strength: 800+

Standard/Focus: Business Continuity Management

Company Brief:

Organization specializes in rendering a wide range of knowledge process outsourcing services for major

Indian and multinational companies.

Client wanted a reliable Process consulting organization which will provide them an effective business

continuity solution

Challenge:



With continued growth in their business and requirements from client, the organization needed to adopt a

comprehensive approach to managing its operations in case of a disaster

There was no existing system for the organization to sustain itself during a disaster:

No process for business continuity and disaster recovery was present

Critical Asset identification and asset prioritization was weak

Backups for critical systems and operations were absent

Risk Management was weak

These limitations significantly needed to be taken care for compliance and risk management requirement.

The team realized that they needed to have robust system that could face disasters and/or try to avoid

them altogether

Solutions:

After detailed evaluation and understandings of current organizational processes, based on the

understanding client’s processes and their gap for effective disaster management system, a comprehensive

solution was provided to the client, which included risk management, business impact analysis.

All critical assets of the organization were identified and rated based on their confidentiality, integrity

and availability values

Based on asset criticality risk analysis and vulnerability assessment was performed

Business impact analysis was performed for critical assets

Different disaster scenarios were identified and action plan for each scenario prepared

Conducted BCM testing for different scenarios like network outage, city outage etc.

Benefits:

Organization will be able to face disasters with drastically less damage

All the project objectives were successfully achieved

BCM capability developed was highly appreciated both internally and by customer of the client

Date post:	13-Mar-2018
Category:	Documents
Upload:	letruc
View:	217 times
Download:	2 times