Unified Commerce

Achieving ISO 27001:2013 ISMS Certification in six months

December 20, 2022

Vijay Hatewar, CISO

Table of contents

Hi there! are you ready to start your journey with us?

Greetings!

Thank you for landing here on this page! Allow me to introduce myself! I am Vijay Hatewar, leading the information security practice at Fynd!

I believe that security is an ever-growing process; hence, we at Fynd continuously improve and evolve our security features. When my team and I, a team of two, commenced the security practice at Fynd, we had basic security practices. Over a while, our security team has grown to seven over six months.

My first task when joining the firm was implementing security features on our technology-hosted environments. Our security practices were appreciated by Amazon Web Services (AWS) audit team, stating to us, ‘Fynd has been the fastest company that we have audited because you have everything in place’. However, at that moment, I did realize that we may have security implementations in place but no processes to govern them for compliance. Our organization moved forward to develop an able audit team.

The audit team and the security team performed an information security gap assessment to identify the security gaps that we have in the organization. The gap assessment was performed conforming to ISO 27001:2013 ISMS standard. Once we knew our security implementation focus areas, our security team worked on fixing the gaps identified to reduce residual risk. Parallelly, our audit team documented information security, cloud security, business continuity, and privacy policies, procedures, and guidelines for the organization.

Once our policies and procedures were implemented, we trained all our employees and third-party staff on the importance of information security. An information security awareness exam was conducted, and 99.03% of all our employees and third-party staff passed the assessment. Having known this, I was ensured that we were ready to procure our first certification.

And so, we did; we acquired the ISO 27001:2013 ISMS certification. Our certification partner was the British Standards Institute (BSI) India, which accredited us with our ISMS certification.

While the team has been zealous to acquire this certification in six months, I believe Fynd is just getting started. Getting started in our implementations, disciplines, awareness, and much more.

I would like to thank the management, Farooq Adam, Harsh Shah, and SMG, along with the constant support provided by Jigar Dafda and Kushan Shah, who has worked with me to make this possible.Finally, I would like to thank each of you, our precious customers, who continue to inspire trust in us and assist us in improving with each passing day.