Privacy Program at an Indian Blockchain service provider SMB
The organization in a mid-sized Indian blockchain service provider. It caters to clients in various domains to leverage blockchain tools to enable marketers to efficiently optimize campaigns, connect with customers and track results. The organization needed to implement a robust security and privacy compliance and risk management program that kept up with the continual changes without impacting the fundamentals. Further the company’s clients required it to have robust systems in place for personal data privacy and data protection
Compliance to any law/ framework/ standard/ contractual agreement requires baselining. Secondly, compliance is contextual. Therefore, Arrka initially worked with the client team to understand and define the boundaries of their compliance. Being a SAAS player, there are ‘under the hood’ compliances which need to be completed and demonstrated while maintaining the confidentiality required for each client. Therefore, we first baselined the compliance requirement using the Arrka framework and applicable controls. Subsequently, we rapidly scaled the same and worked with the team to get the organization certified across multiple standards while, simultaneously, ensuring the multiple contractual as well as regulatory requirements were addressed. We achieved this across both the Security and Privacy domains. Leveraging our frameworks and the Arrka Platform (APMP), the organization was able to not only comply quickly but has also been able to sustain the compliance on an ongoing basis. What is more, this was achieved across each layer: of Technology (Infrastructure and Development), Processes, Physical facilities, and People. Our approach enabled the organization to align and work with their own teams, minimizing their dependance on external experts.