Alcumus ISOQAR PCIDSS Compliance Presentation

Alcumus® ISOQAR Leading the way in management system certification

Transcript of Alcumus ISOQAR PCIDSS Compliance Presentation


Alcumus Group (Sovereign Capital): Alcumus ISOQAR, Alcumus Sypol, Alcumus Drurry, PSM, Alcumus Info Exchange

• Innovators: Continuous development to better support our customers

• Experienced: We’ve been adding value for over 35 years

• We deliver: Our customers stay with us (95%+ retention rates)

Alcumus – a true market leader


5000+ customers and 30% of FTSE 100

• Have confidence in working with Alcumus

The market-leading provider of technology-enabled compliance risk management and certification services

Alcumus ISOQAR – key stats

• 6th position in the UK certification market

• Fastest-growing UK certification body

• Deliver more than 10,000 audit days per year

• £8.2M revenue

• Auditing against more than 25 generic and sector-specific standards

• 35% contribution to overall Alcumus revenues

• Network of 300+ IAN consultants

• Overseas network of 7 critical locations servicing 2500 international clients

• 13% y-o-y growth

• 55 auditors, 36 contractors, 35-strong office-based team

Alcumus overview

• Extensive range of solutions and services

Service areas: COSHH, Software, Training, Certification, HR, Health & Safety, Contractor Verification

• Leading compliance software: used by 30% of FTSE 100 companies

• Leading UKAS certification body: the fastest growing in the UK (60+ auditors)

• A clear leader in H&S management: nationwide coverage (60+ consultants); No. 1 for COSHH solutions (20+ specialists)

• Leading property compliance: most leading managing agents use us

• Leading HR solutions provider: delivering services for over 30 years

• Leading training provider (IRCA, IOSH, NEBOSH)

Alcumus overview

• Some of our customers

Construction, Manufacturing, Engineering, Oil & Gas, Healthcare, Retail / Property, Public Sector, Transport & Logistics

Alcumus overview

• And some more…

Our References

ISOQAR India references:

• Emerson

• Knight Frank

• SBI

• Getronics

• SERCO

• Intelenet

• Sparsh

• JW Thompson

• HITACHI

• France Telecom - Orange

• ISS

• Sanofi-Aventis

• Prometric

• R Systems International / Indus

• SunTec

• ARANCA

• ZENSAR

• Reliance Industries

• Pfizer

• Toyo

• Alexander Mann

• Diageo

• Heineken

• Ministry of National Guard Health Affairs - KSA

• Al Qassim Municipality

• Al Imam University - KSA

• UAE Exchange

• Qatar University

• Banque Saudi Fransi

• Cloud Pay

• Getronics

ISOQAR is part of the Alcumus Group, a multi-discipline provider of risk management, compliance and certification services, operating throughout the UK and via a network of operations globally.

For over 20 years, we have assisted thousands of businesses of all shapes and sizes to create competitive advantage.

Auditors with over 2000 global audits' experience

Why choose ISOQAR?

• Technical capability - our expert auditors' industry experience is matched to your organisation's activities, enabling you to get the most out of your assessment.

• The ALCUMUS ISOQAR brand - our reputation for integrity and approachability means that we offer a consistent and professional service, resulting in a practical and meaningful audit experience.

• Global reach - besides having auditors located throughout the UK, we also have the capability to deliver certification audits internationally.

• Rapid response - we specialise in providing audits and answering queries quickly and efficiently.

"A simplistic & direct approach to auditing that was appropriate to our industry"

• ISO 20000 / 22301 / 27001 / 31000 / 55000

• FSSC / BRC

• PCI DSS

• SSAE 16

• TIA-942-A

• HIPAA / HITRUST (initial stage)

What is PCI (Payment Card Industry)?

PCI is a family of data security standards intended to secure the processing infrastructure of the payment industry.

PCI DSS applies to any entity that processes, stores or transmits cardholder data.

A consistent global standard that applies to banks, merchants, service providers and gateways.

PCI DSS applies to CREDIT and DEBIT cards.

Introduction to PCI DSS

• Joint effort of VISA International, MasterCard Worldwide, American Express, Discover Financial Services and JCB

• Managed by the PCI SSC on behalf of the Card Brands (Visa, MasterCard, AMEX, Discover and JCB)

• Current version of the standard is 3.1 (April 2015)

• Includes 12 security requirements (approx. 300+ sub-requirements)

• Grouped into six control objectives

ISOQAR Product offering

Gap Assessment

A PCI DSS gap assessment, depending on the scope and size of the organization, will normally be conducted in 3 days of onsite assessment.

The deliverables of the Gap Assessment will include:

• Detailed requirement-wise gaps identified

• The assessor's recommendations in line with PCI requirements

Time frame: 3 days onsite + 1 week of gap assessment report writing

Resources: 1 QSA + 1 Technical Consultant onsite; Consultant offsite for 4/5 days for report writing; QSA 2 days offsite for checking the report before releasing it to the client

In the case of large organizations like banks, service providers and BPOs with multiple sites/locations, the time frame can vary and so will the costing.

PCI DSS Audit and Certification

Time frame: 3 - 5 days onsite; 30 to 60 days of evidence collection; 2 to 3 weeks of report writing (ROC); 1 week of report QA and comments remediation

Resources: 1 QSA + 1 Technical Consultant onsite for 1 week (5 days); QSA 15 – 20 days offsite for checking evidence and writing the report before releasing it to QA; QA 3 to 5 days for queries; QSA 3/5 days for remediation of QA comments

Total time estimated from the date of audit till release of the ROC will be 60 to 90 days depending on the client's urgency.

In the case of large organizations like banks, service providers and BPOs with multiple sites/locations, the time frame can vary and so will the costing.

Remediation / Implementation Support

In line with the gaps identified and the subsequent recommendations by the QSA, the ISOQAR technical team will assist the client with remediation support to become PCI DSS compliant.

Time frame may vary depending on the client's urgency to get compliant and the gaps identified, i.e. 90 to 180 days.

Resources: 2 Technical Consultants offsite under QSA guidance

In the case of large organizations like banks, service providers and BPOs with multiple sites/locations, the time frame can vary and so will the costing.

Support services

Internal Vulnerability Assessments

• Why required?

• All PCI DSS certified companies will need these scan reports on a quarterly basis as mandated by PCI.

• Costing: Depending on the number of devices and IPs to be scanned

• Resources: 1 Technical Consultant onsite / offsite depending upon the requirement of the client.

Penetration Tests

• Why required?

• All PCI DSS certified companies will need these scan reports on a yearly basis as mandated by PCI.

• Resources: 1 Technical Consultant onsite / offsite depending upon the requirement of the client.

Annual Review of Policy / Procedures and Risk Assessment

• Why required?

• All PCI DSS certified companies will need this Annual Review of Policy / Procedures and Risk Assessment on a yearly basis as mandated by PCI.

• Resources: An experienced resource in ISMS and PCI

PCI DSS implementation training

• Depending upon the client's needs / as required, experienced consultants will offer 3 days of "PCI DSS Implementation Training" onsite / offsite.

Beyond Certification

Embracing best practice standards

Approach going forward

Alcumus: Your Trusted Partner

[email protected]

Sales and Marketing: +91 9033083100