success story

Strengthening global humanitarian operations with security testing

A comprehensive ServiceNow security assessment

challenge

The client faced increasing complexity in managing large volumes of requests and sensitive data across distributed teams. To avoid security risks, they needed to eliminate incomplete documentation, inconsistent access controls, and potential weaknesses in system integrations.
Their priorities included enforcing multi-factor authentication for accounts handling sensitive information, establishing a data classification framework, and ensuring consistent authentication methods to reduce integration risks. 
They also needed a structured approach to ongoing monitoring and compliance with global standards.

solution

Nagarro conducted a security assessment aligned with NIST CSF 2.0, ISO 27001:2022, and ServiceNow best practices. We evaluated more than 150 controls across 20 security domains and tested over 200 API endpoints and 30 portals against OWASP Top 10 risks.
Workshops and interviews with administrators, developers, and stakeholders helped address documentation gaps and analyze existing processes, while integration reviews traced data flows and assessed associated risks.
As part of the remediation strategy, we designed a step-by-step approach to extend multi-factor authentication to privileged and high-risk users. We implemented an adaptive authentication framework for global teams. 
A ServiceNow-powered data classification and encryption strategy and Security Center deployment ensured real-time visibility into the organization’s security posture. Additionally, we mapped gaps against NIST CSF and ISO 27001 controls, with defined remediation paths that allowed the client to prioritize investments based on risk and compliance requirements. 

outcome

The assessment delivered a sustainable security model aligned with global standards and highlighted potential security risks.
It revealed five critical and 12 high-severity vulnerabilities, uncovered sensitive HR data exposure in a test environment accessible to external consultants, and identified 52 client-callable scripts lacking proper access controls. 
We neutralized these issues through targeted remediation within defined SLAs, significantly reducing immediate risks.
The NGO now has stronger authentication for privileged users, encrypted storage for sensitive records, and improved compliance alignment with both NIST and ISO standards. 
With Security Center in place, monthly review cadences, and a framework for continuous assessments, the client achieved immediate risk reduction and laid the foundation for long-term resilience in its ServiceNow environment.