Uma Ramani has served the Rs 4,933 crore Infrastructure Development Finance
Company (IDFC) since 1998 (13 years) and has been instrumental in the conceptualization, design and implementation of IT policies and procedures at IDFC. In the capacity of Vice President - IT, her responsibilities include new standards implementation and compliance, besides facilitating internal, external, vendor and regulatory audits. She is a business management graduate, a qualified CISA (Certified Information Systems Auditor) and a CIA (Certified Internal Auditor), besides being an ISO 27001 lead Auditor and Implementer.
Uma contributed significantly in helping the company get its ISO 27001 certification, four years ago. And more recently, she helped in securing TUV’s certification for Energy Efficient Data Center, which incidentally is the first such certification by TUV in India. In another major project, Uma helped the IDFC in getting a Tier III certification from the Uptime Institute, USA for its data center design. The primary role for Uma in the past few years is to provide assurance to senior management on appropriate security control in the IT environment supporting business.
Her mentor V C Kumanan, Sr Director – IT, IDFC acknowledges Uma’s grasp on the issues at hand and the challenges with regards to the business. He says, “While technology may be a complex area, understanding the business implication and the cost/value proposition is a quality in this person that makes her important to business — and therefore she is a CIO in the making. Uma takes every issue to its complete closure with focus on the end result. This is something I have learned from her and implemented.”
CHALLENGES
Compliance requires considerable cooperation from the rest of the team and the organization as a whole; everyone needs to understand the benefit of compliance rather than seeing it as a necessary evil. And Uma introduced some innovative approaches to ensure this — these were well received by the organization.
PROJECTS Uma has been a catalyst for IDFC getting its ISO 27001 certification. More recently, IDFC completed a full cycle of certification, and the re-certification involved inclusion of its securities business as part of the scope. This initiative was much appreciated as this business was more real-time and regulated. Internal IT Audit was another initiative undertaken on a year-on-year basis. These audits are comprehensive and all aspects of information and related technologies are reviewed completely every year, with appropriate actions taken to plug weaknesses. This year a concept of pre-implementation audits for all new infrastructure and application implementations was also undertaken.
The Tier III certification for IDFC’s data center design, was an initiative taken by Uma, who supervised the project right from the conception to design and certification. Apart from intricate knowledge of compliance and the mundane task of talking and convincing various vendors, Uma needed to develop knowledge of electrical systems, generators, fuel systems, and cooling systems.
For the Green Data Center initiative, Uma had to identify a certifying body (TUV Rheinland) from Europe. Again, this was the first such certification in the country. More importantly, the green initiative was established not just as an one time effort but more as a sustainable improvement program.