Trust Centre: Information & Data Protection
Consultivo’s Trust Centre outlines its ISO 27001 aligned information security and cybersecurity governance, DPDP-compliant data protection practices, and commitment to stakeholder trust.
At Consultivo Group, information security and cybersecurity are treated as core governance priorities, not just IT functions.Â
Our Information Security Management System (ISMS) is designed in alignment with ISO/IEC 27001:2022, India’s Digital Personal Data Protection (DPDP) Act, and global best practices, ensuring the confidentiality, integrity, and availability of information entrusted to us by clients, partners, and stakeholders.
Our publicly articulated approach reflects transparency, accountability, and maturity – helping stakeholders gain confidence that Consultivo operates with a resilient and well-governed security framework.
Our Information Security Management System (ISMS)
Consultivo Group has established a formal, organisation-wide Information Security Management System (ISMS) covering advisory, audit, assessment, and training services. The ISMS applies to our people, processes, technology, and third-party engagements.
ISMS Scope
All Consultivo Group operations delivering professional services across the globe, supported by secure cloud-based platforms and governed by defined security roles, responsibilities, and oversight.
Leadership & Oversight
Information security governance is driven by top management, with an appointed Information Security Officer (ISO) and a security committee that ensures strategic alignment, accountability, and continual improvement.
Information Security Principles We Follow
Our security program is built on the following principles:
- Confidentiality – Client and personal data is accessed strictly on a need-to-know basis.
- Integrity – Information is protected from unauthorised modification or misuse.
- Availability – Systems and data remain accessible to authorised users when required.
- Privacy by Design – Personal data is collected with consent and processed strictly for defined purposes.
- Continual Improvement – Controls are reviewed, tested, and enhanced regularly.
Data Protection & Privacy
Consultivo’s data protection practices align with the Digital Personal Data Protection Act (India) and global privacy expectations:
- Personal data is collected only with consent and legitimate purpose.
- Data is classified, securely stored, and retained only for defined business or legal needs.
- Secure deletion and disposal processes are followed at the end of the lifecycle.
- Confidentiality obligations continue even after data deletion or contract closure.
These practices ensure responsible handling of personal, client, and sensitive business information.
Key Security Policies & Controls
Consultivo maintains a comprehensive set of documented and implemented security policies under its ISMS, including:
People & Access Security
- Human Resource Security (screening, NDAs, training, offboarding)
- Role-based access control and least-privilege enforcement
- Strong password and authentication controls
- Secure remote working practices
Data & Asset Protection
- Data classification and handling (Confidential, Internal, Public)
- Asset ownership, inventory, and lifecycle management
- Encryption of sensitive data at rest and in transit
- Secure backup, retention, and recovery processes
Technology & Infrastructure Security
- Endpoint protection and anti-malware controls
- Patch and vulnerability management
- Network security and logging
- Continuous monitoring and alerting
Physical & Environmental Security
- Controlled office access and visitor management
- Secure handling of laptops and devices
- Segregated and secured Wi-Fi environments
- Reliance on certified cloud data centres (AWS, Google Workspace, Zoho)
Incident & Risk Management
- Formal incident response and escalation procedures
- Defined remediation timelines based on risk severity
- Regular risk assessments and vulnerability scans
- Lessons learned and corrective actions tracked
Third-Party & Supply Chain Security
Consultivo recognises that cybersecurity risks extend beyond organisational boundaries. Our third-party management framework ensures:
- Security due diligence before onboarding vendors or partners
- Contractual information security obligations and NDAs
- Need-to-know access provisioning
- Timely revocation of access upon contract completion
- Incident reporting and compliance monitoring
This approach supports secure collaboration across our value and supply chains.
Cloud-First, Secure-by-Design Operations
Consultivo does not host client data on on-premise servers. All business and client-scoped data is handled through enterprise-grade SaaS and PaaS platforms such as AWS, Google Workspace, and Zoho, which maintain globally certified data centres and security controls.
Our internal policies ensure secure configuration, access governance, monitoring, and vendor accountability.
Secure Communications & Website Security
- All Consultivo websites enforce HTTPS using industry-standard TLS encryption
- Encryption protects data in transit against interception and tampering
- TLS implementation supports Consultivo’s ISO 27001–aligned ISMS
- Measures align with DPDP Act requirements for reasonable security safeguards
- Website security is periodically reviewed as part of broader cybersecurity governance
About Us
1. Organisation & Identity
2. Governance, Ethics & Trust
3. Sustainability, Industry & Impact
4. People, Culture & Careers
