A Bengaluru-based SaaS health-tech platform delivering OPD management and employee wellness solutions for retail and insurers. The company was in advanced talks to integrate with a leading Indian private insurance provider’s digital health ecosystem.
The insurer initiated a Third-Party Risk Management (TPRM) audit as part of vendor onboarding. The client, despite having a strong product, lacked compliance maturity and enterprise-grade documentation. The audit scope included:
-> Application and cloud security
-> Data handling practices (especially PHI)
-> Incident response protocols
-> Regulatory alignment with IRDAI and ISO 27001
Without any prior experience in enterprise TPRM assessments, the client was at risk of losing the opportunity.
Ascella Infosec partnered with the client to deliver a 4-week fast-track TPRM readiness engagement, focused on documentation, technical remediation, and audit support.
-> Mapped insurer’s TPRM checklist to the client’s systems, processes, and policies
-> Conducted a simulated audit to identify documentation and control gaps
-> Developed key missing policies:
- Incident Response Plan
- Data Retention Policy
- Access Control
- Vendor Risk Management
-> Conducted Vulnerability Assessment & Penetration Testing (VAPT) of web apps and APIs
-> Delivered mitigation for high-risk issues within 7 days
-> Created audit-ready packs: SOPs, system logs, access control records
-> Represented the client on calls with the insurer’s InfoSec team and handled queries
-> Cleared TPRM Audit in just 3 weeks
-> Onboarded as an approved technology partner by the insurance company
-> No red flags during security or compliance evaluation
-> Established foundational InfoSec SOPs and documents for future audits