Trust Centre: Information & Data Protection

Information, Cybersecurity & Data Protection Governance

Consultivo’s Trust Centre outlines its ISO 27001 aligned information security and cybersecurity governance, DPDP-compliant data protection practices, and commitment to stakeholder trust.

At Consultivo Group, information security and cybersecurity are treated as core governance priorities, not just IT functions. 

Our Information Security Management System (ISMS) is designed in alignment with ISO/IEC 27001:2022, India’s Digital Personal Data Protection (DPDP) Act, and global best practices, ensuring the confidentiality, integrity, and availability of information entrusted to us by clients, partners, and stakeholders.

Our publicly articulated approach reflects transparency, accountability, and maturity – helping stakeholders gain confidence that Consultivo operates with a resilient and well-governed security framework.

Our Information Security Management System (ISMS)

Consultivo Group has established a formal, organisation-wide Information Security Management System (ISMS) covering advisory, audit, assessment, and training services. The ISMS applies to our people, processes, technology, and third-party engagements.

ISMS Scope
All Consultivo Group operations delivering professional services across the globe, supported by secure cloud-based platforms and governed by defined security roles, responsibilities, and oversight.

Leadership & Oversight
Information security governance is driven by top management, with an appointed Information Security Officer (ISO) and a security committee that ensures strategic alignment, accountability, and continual improvement.

Information Security Principles We Follow

Our security program is built on the following principles:

  • Confidentiality – Client and personal data is accessed strictly on a need-to-know basis.
  • Integrity – Information is protected from unauthorised modification or misuse.
  • Availability – Systems and data remain accessible to authorised users when required.
  • Privacy by Design – Personal data is collected with consent and processed strictly for defined purposes.
  • Continual Improvement – Controls are reviewed, tested, and enhanced regularly.

Data Protection & Privacy

Consultivo’s data protection practices align with the Digital Personal Data Protection Act (India) and global privacy expectations:

  • Personal data is collected only with consent and for a legitimate purpose.
  • Data is classified, securely stored, and retained only for defined business or legal needs.
  • Secure deletion and disposal processes are followed at the end of the lifecycle.
  • Confidentiality obligations continue even after data deletion or contract closure.

These practices ensure responsible handling of personal, client, and sensitive business information.

Key Security Policies & Controls

Consultivo maintains a comprehensive set of documented and implemented security policies under its ISMS, including:

People & Access Security

  • Human Resource Security (screening, NDAs, training, offboarding)
  • Role-based access control and least-privilege enforcement
  • Strong password and authentication controls
  • Secure remote working practices

Data & Asset Protection

  • Data classification and handling (Confidential, Internal, Public)
  • Asset ownership, inventory, and lifecycle management
  • Encryption of sensitive data at rest and in transit
  • Secure backup, retention, and recovery processes

Technology & Infrastructure Security

  • Endpoint protection and anti-malware controls
  • Patch and vulnerability management
  • Network security and logging
  • Continuous monitoring and alerting

Physical & Environmental Security

  • Controlled office access and visitor management
  • Secure handling of laptops and devices
  • Segregated and secured Wi-Fi environments
  • Reliance on certified cloud data centres (AWS, Google Workspace, Zoho)

Incident & Risk Management

  • Formal incident response and escalation procedures
  • Defined remediation timelines based on risk severity
  • Regular risk assessments and vulnerability scans
  • Lessons learned and corrective actions tracked

Third-Party & Supply Chain Security

Consultivo recognises that cybersecurity risks extend beyond organisational boundaries. Our third-party management framework ensures:

  • Security due diligence before onboarding vendors or partners
  • Contractual information security obligations and NDAs
  • Need-to-know access provisioning
  • Timely revocation of access upon contract completion
  • Incident reporting and compliance monitoring

This approach supports secure collaboration across our value and supply chains.

Cloud-First, Secure-by-Design Operations

Consultivo does not host client data on on-premise servers. All business and client-scoped data is handled through enterprise-grade SaaS and PaaS platforms such as AWS, Google Workspace, and Zoho, which maintain globally certified data centres and security controls.

Our internal policies ensure secure configuration, access governance, monitoring, and vendor accountability.

Secure Communications & Website Security

  • All Consultivo websites enforce HTTPS using industry-standard TLS encryption
  • Encryption protects data in transit against interception and tampering
  • TLS implementation supports Consultivo’s ISO 27001–aligned ISMS
  • Measures align with DPDP Act requirements for reasonable security safeguards
  • Website security is periodically reviewed as part of broader cybersecurity governance

Transparency, Assurance & Continuous Improvement

Independent Security Posture & External Assurance

Consultivo’s information security posture is independently assessed through recognised external platforms. We currently maintain an UpGuard Security Rating of A (86%), reflecting strong cyber hygiene, secure configurations, and effective risk management practices.

Detailed assessment reports can be shared with clients and partners upon request and subject to a Non-Disclosure Agreement (NDA).

  • Our ISMS policies are formally approved by leadership and reviewed annually.
  • Security awareness training is mandatory for employees and consultants.
  • Controls are tested through audits, reviews, and vulnerability assessments.
  • Findings are tracked, remediated, and reported through governance mechanisms.

This structured approach demonstrates Consultivo’s commitment to information security maturity, ESG-aligned governance, and stakeholder trust.

Partner with Confidence

This Trust Centre underpins Consultivo’s commitment to being a dependable, governance-led ESG advisory organisation. By embedding information security and cybersecurity into leadership oversight, operational controls, and supply chain practices, we ensure that trust is not assumed – it is demonstrably earned.

By embedding information security and cybersecurity into governance, risk management, and ESG principles, Consultivo ensures that client engagements, data handling, and collaborations are conducted with integrity and resilience.

For any queries related to our information security framework or privacy practices, stakeholders may contact the Consultivo Information Security team through official communication channels.

Security at a Glance

  • Consultivo operates a formal Information Security Management System (ISMS) aligned with ISO/IEC 27001.
  • Information security is governed at leadership level, not treated as a standalone IT activity.
  • Personal and client data is handled in line with India’s Digital Personal Data Protection (DPDP) Act.
  • Access to information is strictly controlled using role-based access and least-privilege principles.
  • Cyber risks are regularly assessed, monitored, and addressed through structured risk management.
  • Third-party and value-chain partners are subject to security due diligence and contractual safeguards.
  • Consultivo maintains an UpGuard Security Rating of A (86%), reflecting strong cyber hygiene.
  • Security awareness training is mandatory for employees and consultants to build a security-conscious culture.

How to Use This Trust Centre

🔍 Understand Our Security
Learn how Consultivo protects information, data, and digital assets.

🛡️ Review Our Governance
See how cybersecurity is governed through ISO 27001–aligned controls and leadership oversight.

📄 Support Due Diligence
Use this page for vendor reviews, client assessments, and trust validation.

🤝 Request More Information
Detailed security reports are available on request, subject to NDA.
