Our risk and vulnerability assessment includes the following: 

• Current and detailed description of your organizations's business and technological environment and existing security measures in place including identification of location, systems and methods for maintaining information;
• Identification of information and the information systems to be protected specifically;
• Classification and ranking (high, medium, low) of the sensitive systems, applications in order of their importance and based on the assessment of threats and vulnerabilities or risk assessment;
• Assessment of potential threats and vulnerabilities to security and integrity of data, information systems and applications;
• An evaluation of existing Security Controls' effectiveness against each threat and vulnerability
• Security and contractual responsibilities of Service Providers (SPs), including customers who have access to the licensee's systems and data;
• Compliance, concentration, operational, country and legal risks shall be assessed by the licensees before entering into the contract, while managing information security outsourcing arrangements with the SPs;
• The Security Risk / Vulnerability Assessment shall be carried out at least once a year; however, in case of a major security breach, significant changes to the infrastructure and introduction of a new product or service, an immediate review of risk assessment shall be carried out. Further, in case of a major security breach, risk assessment review shall include a detailed analysis of the factors that cause such security breaches.