Information Security & Cybersecurity
Zero
incidents or breaches or loss of data in information and cyber security
ISO 27001:22
(Information Security Management System) certification obtained for Adani Enterprises Limited
Focus Areas
Modernise IT architecture to enhance its resilience, improve business processes and meet market demands
Leverage industry best practices and advanced technology absorption
Proactive management of information and cybersecurity incidents
Build Cyber resilience with focus on Artificial Intelligence and Machine Learning
Operational Technology Cybersecurity
Cornerstones of Our Information and Cybersecurity Strategy
- Investments in cutting-edge technology
- Adherence to industry best practices and applicable frameworks
- Comprehensive employee trainings
Cultivating a Cybersecure Digital Infrastructure
Governance Risk and Compliance (GRC)
GRC plays a crucial role in cybersecurity, providing a framework for managing digital systems, third-party risks and regulatory compliance. It helps mitigate associated risks, ensures compliance with regulatory requirements and internal controls, and fosters a secure and compliant environment.
Board Level
- A four-member Information Technology & Data Security Committee (IT & DS) with 50% Independence, chaired by an Independent Director
- Oversees and reviews corporate policies, plans and programmes related to enterprise cybersecurity and data protection risks associated with the Company and its IT infrastructure
- Operates under a dedicated charter, available on the Company’s website, here
Business Level
- The Chief Information Security Officer (CISO) of each division is responsible for implementing necessary systems and procedures
- Ensures safeguarding organisational assets by optimising efficiency and effectiveness of security processes and infrastructure
Unit Level
- All units strictly adhere to IT and cybersecurity policies within their operations
- Units monitor their IT systems, conduct regular risk assessment and implement necessary data security protocols
- Train all employees, in alignment with the global best practices
Digitalisation and Cybersecurity Leadership in AEL
Dr Vinay Prakash
(Executive Director - AEL’s Board)
- Over 20 years of experience in Digitalisation, Information and Cybersecurity, at the Adani Group
- Instrumental in overseeing and helming digitalisation initiatives in Adani’s Natural Resources business
- Serves as a member of the Board-level Information Technology and Data Security Committee (IT&DS), providing strategic guidance on cybersecurity to the management
Shivkumar Pandey
(Chief Information Security Officer – Adani Group)
- Seasoned professional with 24 years of experience in cybersecurity, with proven track record in securing national critical infrastructure institutions
- Visionary leader in formulating robust defence strategies for complex, highly regulated environments
- Proficient in safeguarding critical assets and driving innovation in cybersecurity
Digital Personal Data Protection (DPDP)
In response to the introduction of the Digital Personal Data Protection (DPDP) Act 2023, AEL has commenced preparations to ensure compliance with the new legislation. Accordingly, AEL has undertaken the necessary steps to fulfil and adhere to expected compliance.
Cybersecurity Certification
Our IT infrastructure and information security management system are ISO 27001 certified, ensuring top notch data security and business continuity, even during cyber incidents or disasters.
Driving IT Security Excellence
- Regular external audits to validate integrity and resilience of our IT infrastructure and management systems
- Robust vulnerability management programme for proactive detection and mitigation of potential vulnerabilities within the IT infrastructure and applications
- Regular evaluation of business continuity and incident response procedures to ensure their relevance and effectiveness
- Clearly outlined escalation procedures, with an escalation matrix categorised by the severity of incidents, to ensure prompt response to cyberthreats
Training and Awareness
We conduct regular training sessions to equip our workforce with the knowledge and tools to effectively identify, prevent, and respond to cyber threats. Addressing the specific training needs, we offer various programmes that promote and foster cybersecurity culture in the organisation.
Our Cybersecurity training and awareness efforts include:
- Mandatory online courses on cybersecurity awareness, covering the fundamentals of data protection and threat mitigation techniques
- Awareness training workshops for new employees
- Continuous testing of employee awareness through simulated phishing attacks and trainings
- Regular email updates to all employees, keeping them informed about emerging cybersecurity threats, social media safety, and best practices for online security
Cybersecurity Commitment: Safeguarding Assets and Ensuring Trust
We are making investments in cutting-edge, niche cybersecurity technologies and building in-house capabilities to secure our assets against cyber threats.
The Adani centralised 24x7 Cyber Security Operations Center (SOC) monitors, detects, analyses, and responds to cyber security threats across all information systems utilising AI/ML technologies
Operational Technology (OT) Security is designed to protect critical infrastructure from cyber threats, ensuring operational efficiency, safety, and compliance. Furthermore, we are developing an OT Cyber Security Assessment Lab to facilitate benchmarking, skill enablement, cyber range, and product testing
Adani’s in-house Application Security (AppSec) function proactively assesses internally developed applications, ensuring a vulnerability-free ecosystem using DevSecOps methodologies, including SAST and DAST
Data Loss Prevention (DLP) technology monitors all data transfers to detect and prevent data exfiltration, securing confidential corporate information
Identity & Access Governance to ensure role-based access management and security of identities across enterprise strengthening control of identities
State-of-the-art Perimeter Security Controls are implemented to monitor and safeguard the network
