INTERNAL

INSPIRED PEOPLE. INSPIRING RESULTS.

INCLUSIVE APPROACH TO INFORMATION SECURITY

Security Culture in the Corporate World

Jaganathan T

ISSC Chairperson

Ajuba Solutions India Pvt Ltd

People-centric approach to information security

DESCRIPTION

Case Study on a unique approach to information security implementation in a company called Ajuba Solutions

COMPANY OVERVIEW

EXECUTIVE SUMMARY

Industry leader in offshore healthcare billing and revenue cycle management

Proven track record:

We process claims with a gross value of over $3 Billion, code 3 million charts and collect over $1 Billion in cash annually

Over 1700 domain experts

Long term partnerships and retention of clients

Seasoned Team and Quality Processes

Employees come from organizations such as Deloitte, EDS, McKesson, NDC Health etc.

Strong management bench and training capabilities; ability to scale

INDUSTRY AWARDS & RECOGNITION

Ranked among the Top 100 Offshore Companies in the world by Managing Offshore and Neo IT

Identified as a 'Rising Star' by The International Association of Outsourcing Professionals (IAOP), in The Global Outsourcing 100 list and published by Fortune Magazine

Ranked #1 as The Top Healthcare Revenue Cycle Management Outsourcing Vendor by The Black Book of Outsourcing

Among The Best Employers in India (Hewitt Associates - The Economic Times)

Among The Best Workplaces in India (Great Places to Work Institute Inc, US - The Economic Times)

Among Best BPO Employers in India (IDC – Dataquest)

Among The Top Emerging Exciting Places to Work for (NASSCOM - Grow Talent)

Award for Excellence in Gender Inclusivity by NASSCOM

THE FOUR PILLARS OF OUR DELIVERY MODEL

PEOPLE

PROCESS

TECHNOLOGY

INFRASTRUCTURE

AJUBA - INFORMATION SECURITY TRACK RECORD

ISO27001:2005 certified

HIPAA Certified

FDCPA Certified

SAS70 Type 1 Certified

Self Assessment completed for PCI/DSS

We take Security and Compliance very seriously

INFO SECURITY IMPLEMENTATION IN AJUBA - CHALLENGES

In an industry where Info. Security and compliance is very critical to business. HIPAA

Ajuba is continuously awarded as a 'Best Employer' and widely known for 'Employee Friendly' culture. Improper Security enforcement has the potential to affect 'Best Employer' brand equity. Judicious balance between Security Management and Employee comfort required. Not alienate employees

Average age less than 30. Additional impetus to security awareness required.

IMPORTANT ASSET: PEOPLE

CROSS FUNCTIONAL SECURITY TEAM

TRADITIONAL SECURITY ORGANIZATION

[Organization chart. Roles shown: CEO; CMO, CSO, CIO; Info Security Manager; IT Security Officer; Auditor; Physical Security]

AJUBA SECURITY INFO ORGANIZATION

[Organization chart. Labels shown: President; ISSC; Director Technology & ISSC Chairperson; Director Finance & HR; Director Operations; ISM; ISMS; and staff roles across functions: Sr. Manager Operations, Manager Operations, Sr. Manager Technology, Manager Tech, Manager SW, Sr. Manager Finance, Sr. Manager Admin, Manager HR, Manager Corporate Comm., Asst Manager, Team Supervisor, Team Leader, Sr. Executive, Executive, Agents]

INFORMATION SECURITY FORUM

CROSS FUNCTIONAL TEAMS

ISSC: Information Security Steering Committee. Management team to guide and steer security implementation.

ISTF: Information Security Task Force. Responsible for implementing and managing Information Security implementation.

IRT: Incident Response Team. Responsible for Incident Response and Resolution.

IAT: Internal Audit Team. Responsible for Internal and External Audits.

ERT: Emergency Response Team. Responsible for response to emergency conditions and drills.

For a total Ajuba staff strength of 1700

ISSC = 4

ISTF = 20

IRT = 12

IAT = 40

ERT = 63

Total 139, i.e. 8.2% of total staff strength

Extended Security Focus possible because of unique model followed

InfoSec – Focus Shift

Ajuba Security Approach – Terminology Used

TRADITIONAL APPROACH | REPLACED BY

Central Security Team | Centrally Enabled Participative Team

CSO | Steering Committee coordinated by a Chairperson

Policy Enforcement | Participation & Peer Pressure

Vigilance, Monitoring | Peer Reporting & Health Check

Disciplinary Action | Incident Resolution

Internal Audit | Peer Review

ISMS | I Support Maintaining Security!

SOME BEST PRACTICES

PEOPLE INVOLVEMENT

Second Week of every December is Celebrated as ISMS Week

ISMS week Includes Various Competitions for staff

Periodic spot checks and “Best Compliant team” awarded annually

Weekly ISMS quiz in intranet

Monthly ISMS newsletter

Transparent & Open security escalations

SOME BEST PRACTICES

PROCESS

Automated Incident Registration, Tracking & Resolution

Anonymous Incident Registration possible

Weekly Security Posture Review

Standard and structured disciplinary matrix known to all staff

Security Responsibility is part of everyone’s Job Description

Measurable KRAs for Security Team

Security Conformance part of every employee’s HR track record.

Electronic NDA and ISMS acceptance as part of onboarding

Integrated Security / Compliance / Risk Management

SOME BEST PRACTICES

PEOPLE SECURITY

Trendsetter in Transport Security – Last Drop Confirmation

Quarterly ERT training

Surprise ERT drills

INFO SECURITY LIFE CYCLE IN AJUBA

INFO SECURITY IS A COMPLETE LIFE CYCLE INVOLVEMENT IN AJUBA

Info Security Metrics

[Bar chart: Total Incident (vertical axis, 0 to 20) by Security Incident Category for 2007, 2008 and 2009. Categories: Access Rights Violations; Camera Phone Violation; Non Compliance with IS Policies; Physical Security Violation]

RISK MODEL – COMPLETE FEEDBACK

Risk Assessment done by the respective team with coordination / direction from ISMS team

SUMMARY

AJUBA UNIQUE INFOSEC MODEL

Ajuba model brings People to the forefront and weaves Technology and Process around People

No Compromise on Process and Technology

Works very well for Ajuba

Should work well for any company. May require a little customization to suit the organization.

Efficient security implementation at minimum cost

THANK YOU