Vishwas Pitre has over 25 years of experience in software delivery, datacentre and IT support services, information security and data privacy at Zensar. For the last 12 years, he has been working as the CISO at Zensar, and for the past year he has also held the additional role of DPO.
He has established an organization-level ISMS framework covering people, process and technology solutions, and has implemented it based on the ISO 27001, SSAE 18 and PCI-DSS standards, with continuous improvements that take the ever-changing threat landscape into account.
Similarly, he has established an organization-wide data privacy framework based on GDPR, POPI and the Indian IT Act, and has implemented it with continuous improvements. He is responsible for ensuring the security of complex IT infrastructure across multiple locations, including acquired companies. He also plays a key role in securing various digital platforms.
He has taken initiatives to improve information security and data privacy best practices and controls, considering emerging threats and vulnerabilities.
Key security initiatives
Zensar identified the business need to design and implement the Global Data Privacy Compliance Program based on GDPR 2016.
Implementing and maintaining compliance with data protection laws (GDPR) and customer data security expectations was a complex challenge, given the restrictions on transferring personal data outside the European Economic Area (EEA). Apart from this, there was a requirement to comply with the South African Protection of Personal Information Act (POPI), the UK/USA's Data Privacy Acts and the Indian IT Act in terms of data privacy. Covering all of this in one go proved to be a challenge. The team took it up and made an effort to define an all-inclusive and comprehensive Common Data Privacy Framework.
As part of the program, many of the internal applications were reviewed and redesigned to meet the expectations of GDPR and privacy-by-design principles. The team designed simple and effective data privacy compliance tools comprising a PII inventory identification form, a privacy risk assessment and, finally, a compliance report for executive management and the customer.
Zensar first conducted a context assessment to understand the customer environment, privacy requirements and expectations. Following this, an inventory of personal information was made and a Data Protection Impact Assessment (DPIA) was conducted to identify the privacy risks. After this, data protection policies and procedures were implemented, and finally, a document privacy compliance report was prepared.
As a result of the implementation, many large customers were satisfied that their PII data was safe and secure, and this in turn led to winning big new customer accounts.
In addition, monitoring the status of compliance on an ongoing basis across the organization became easy, and the company was able to demonstrate data privacy and security within the ODC at any given time.