Nasrhuma Inc Grc Solutions 011010


Transcript of Nasrhuma Inc Grc Solutions 011010

Page 1: Nasrhuma Inc Grc Solutions 011010

NASRHUMA INC.

Overview of Service Offerings

NHI Inc. nasrhuma.com Irvine.Toronto

Page 2: Nasrhuma Inc Grc Solutions 011010

GRC: Automated Governance, Risk, and Compliance Management

Enterprise Level: Solutions for Governance, Strategy, Enterprise Risk Management, Executive Reporting Dashboards

Function Level: Manage continuous audit of business and technology processes

Transaction Level: Prevent and approve transactions to enforce internal controls

Design and implementation of internal controls framework for automated controls

Business process design for automating management of audit function processes

Implementation of automated tools for managing audits

Design and implementation of automated tools for enforcing preventive controls in configuration change management,

Design and implementation of tools for enforcing automated controls in application security, user provisioning, segregation of duties, and transaction processing in compliance with a multitude of regulators.

Mapping of regulations to automated controls

Unification of internal controls frameworks in one tool

Needs assessment, business case preparation, RFI/RFP, and vendor assessments

Information Security

3rd Party, HIPAA, PCI, SOX, Privacy

Program


Page 3: Nasrhuma Inc Grc Solutions 011010

GRC Maturity Roadmap

Figure: maturity curve. Axes: Time and Maturity. Stages: Reactive, Proactive, Optimized.

• Compliant but at a high cost to business

• Manual control

• Ad hoc approach

• No best practices

• Risks are documented

• Manual risk assessment and reporting

• Tactical approach

• After-the-fact reporting

• Policies are enforced

• Automated Process

• Unified, standardized & strategic approach

• Prevent policy violation

• Analyze and trend

• Automated risk mitigation / Predictive risk assessments

• GRC objectives embedded throughout the organization

Progressive enterprises enhance profitability by understanding and managing risk intelligently

Smart growth targets and adjustment of risk appetites can be based on realistic assessment of capacities to take risks at all levels

Maturity Curve Assessment: Assessment of the enterprise on how it fares on a risk maturity curve in relation to its industry’s benchmarks

Roadmap: Charting out a roadmap for becoming risk intelligent and profitable at a pace that is adjustable for changing business climate

Embedding risk intelligent culture: Strategies for organizational change in people and process to embed risk-aware culture to better manage operational and reputational risks in all initiatives and programs.


Page 4: Nasrhuma Inc Grc Solutions 011010

ERP Security and Control

ERP Security: Design and implementation of application security for business processes, business intelligence, and interfaces in major ERP systems such as SAP, Oracle, PeopleSoft and JD Edwards

Process Controls: Design and implementation of internal controls related to business process, application configuration controls, and software change management baselines.

Identity Integration: Integration of fine-grained authorization with externalized coarse-grained authorization on enterprise directory level. Authentication, Single Sign On, and integration of ERP applications with identity management web services.

Interface & Data Migration Controls: Design and implementation of controls to manage the risk of data integrity, completeness, and security in transmission of data between ERP and third party subscribing or publishing systems


Page 5: Nasrhuma Inc Grc Solutions 011010

Data Privacy

De-identify sensitive data

• Solutions assist in enforcing controls over sensitive data by enabling organizations to de-identify, mask and transform sensitive data across the enterprise in test environments

• By masking personally-identifying information, the solution protects the privacy and security of confidential customer, patient, and employee data to support compliance with privacy regulations

Mapping of Regulations to controls in systems: Mapping of Privacy Act, GLBA, HIPAA, and PIPEDA to automated controls in systems processing sensitive data.

PIA: Conduct Privacy Impact Assessments on business systems where sensitive data is processed

How Personal Data Is Lost

• Lost Laptop or other device: 35%

• Third Party Outsource Breach: 21%

• Lost Electronic Backup: 19%

• Inside Job/Malicious Code: 9%

• Misplaced Paper: 9%

• Hackers: 7%

International regional responses: EU DPD, APEC Privacy Framework, Safe Harbor (EEA – U.S.)

National: US Gramm-Leach-Bliley, Canada PIPEDA, Australian Privacy Act

State/Provincial: California SB1, NY Security and Notification, British Columbia Bill 73

Contracts: Clients, Partners, Vendors, Seal Programs

Policies: Privacy Policies, Security Policies

Industry and professional standards: AICPA/CICA
