Aequs gets certified to the ISO 27001:2013 standard, acknowledged for cutting-edge systems for data protection, business continuity and resilience in an ever-evolving IT landscape.
By Basavant Patil, AVP, IT / IS / ERP, Aequs.
AEQUS caters to a diverse set of customers cutting across industry sectors like Aerospace, Toys and Consumer Durable Goods. All of them are demanding and varied in requirements when it comes to handling their data and information.
Apart from data pertaining to their manufacturing processes and operations, Aequs also has to deal with sensitive customer information. Safeguarding this data becomes paramount to provide confidence to the customer on aspects like cyber security, information management systems, and Aequs’ preparedness for operational resilience and business continuity.
Notwithstanding any number of systems and methodologies of information management that a company may implement, ultimately, customer confidence stems from globally accepted, recognized, and proven systems.
AEQUS thus conceived and embarked on a Compliance & Security Programme that would lead to an internationally recognized and accepted compliance certification for information security and data protection, and establish business continuity.
It zeroed in on the ISO 27001 system, an industry benchmark that induces best practices that reinforce trust and confidence with existing and potential customers.
AEQUS began its journey through a structured approach to compliance and security in early 2020. The exercise included establishing a Governance, Risk and Compliance Management Framework through enhancements on technology and processes across its group entities. The overarching objective was to leverage this framework to improve operational efficiency with internal stakeholders and establish a higher degree of confidence with external stakeholders.
It implemented a rigorous audit process and system improvements through this period for the adoption of mature practices on information management, cyber resilience and business continuity.
As a result, AEQUS is now successfully certified to the ISO 27001:2013 standard across all its business verticals – Aerospace, Toys, Consumer Durable Goods, including joint ventures located at its India SEZ. The scope of the certification includes information security management in manufacturing and supply of Aerospace Components, Electronic Toys, Industrial Engineering and Distribution of high precision components, and administration of supporting utilities, infrastructure and SEZ operations.
What does this mean for our customers and partners?
Global customers of AEQUS can now rest assured that their data is securely handled throughout the life cycle of their engagements with the company. There is assured adherence to various compliances and regulations, contractual obligations, and requirements on IP protection.
“Information Security Management has always been among Aequs’ top priorities both in its operations and in the design of its services.”
Our ISO 27001:2013 Journey
AEQUS started a comprehensive compliance programme in 2020 with a Steering Committee and Governance Council to oversee and implement it, respectively. The Steering Committee was led by the CEO, with all Business Unit heads and Heads of enabler groups as members. The Governance Council was led by the CISO & Head IT and consisted of Risk & Operational resilience leaders, Security Incident leaders, Internal Auditors, Learning Management Champions and Disaster Recovery Representatives.
The scope of the Compliance & Security Programme addressed business locations and worksites across business verticals encompassing core manufacturing units, enabling and supporting functions, and processes. It is imperative in today’s outsourced world that companies of all sizes recognize the importance of cyber security. But just setting up an IT security group or obtaining an IT certification is not good enough.
In practice, this meant that to achieve our objectives, we had to be compliant with practices as laid out in the ISO 27001:2013 standards. This called for drafting and implementing an elaborate set of policies and procedures, and training the staff across the organization and groups of targeted employees based on their job roles. Further, it also involved setting up physical security controls, reviewing and verifying information technology measures, Human Resource Security controls, and process controls to address routine activities.
Compliance evaluations started in the winter of 2020 when we performed a complete internal audit across the organization. Following this thorough exercise, we started the external certification process in May 2021. The external audits, which took place in two stages, were performed by the international certification accredited organization (Bureau Veritas Certification – BVC).
How does AEQUS plan to sustain this state?
Teams across AEQUS are validating on an ongoing basis the organizational commitment to security practices and risk management. Aequs is benchmarking itself with the best in the business and following internationally recognized best practices. With its focus on continuous improvement, its customers can be assured of cutting-edge protection of their data, apart from business continuity and resilience in case of any disruptions.