Prashant Kumar Tiwari
About Candidate
Education
Work & Experience
• Reviewing ISO 9001:2008 & 27001:2005 Internal Audit Reports.
• Developed organizational BCP policy and procedures aligned to ISO 22301.
• Detailed study of all processes to determine end-to-end functioning of the BCP process.
• Conducted business impact analysis of business processes, applications and products.
• Designed, developed and documented Business Continuity Plan for all the functions as per the project requirement e.g., evacuation plans, site emergency management plans, call trees, business continuity plans, crisis management plans etc.

• Information Security implementation including ISO 27001 requirements.
• Service Desk and Data Center audit, ODC/SDC audits.
• Implementation of Clean Room Environments.
• IT BCP/DR including ISO 22301 requirements.
• Audit Schedule, Audit Reporting with stakeholders.
• Information Security awareness sessions/Trainings to all stakeholders.
• Regulatory Assessments - includes J-SOX compliance (ITGC Controls including Access Management, Change Management, System Development Management and IT Operations and Monitoring), HIPAA (Technical Safeguards, Administrative Safeguards and Physical Safeguards) and Data Protection Act.
• CCF (Common Control Framework) for regulations/compliance.

• ISO 27001 control implementation and regular assessment
• Information Security and Business Continuity Framework design & Implementation
• Data Privacy (Privacy impact assessment, Data controller/processor agreement, Privacy by design and privacy by default)
• Vendor Risk Management (TP ISRA and JV ISRA)
• Vendor Audits on ISO 27001 standard
• ITGC, IT Risk Advisory to internal Projects.
• US Trade Control (Import/export of application and software)

• ISO 27001 control implementation, assessments and reporting
• Information Security and Business Continuity Framework design & Implementation
• Incident Management, Change Management, Exception Management and Common Control Framework Implementation, Data Privacy and Compliance, Privacy Impact Assessment.
• Data Privacy/GDPR, HIPAA, SOX, PCI-DSS and other ITGC InfoSec requirements
• Physical, logical/technical and administrative safeguard to prevent data
• Cloud Security Assessments, Supplier audits, supplier security assessments
• Computer system validation (V Model – IQ, OQ, PQ)
• Operational control testing
• Review of all Quality & Regulatory deliverables including DMP, DMS, DRS, DQP, DQPR, DMCR
• Review and update Quality deliverables in respect of Good Documentation Practice
• Connect with various stakeholders for review and approvals of Q&R documents