Risk Management and Compliance Service
Discover Our Expertise
Effective cyber resilience is more than just a tick-box exercise. Security is an on-going practice and you need to have an effective governance structure.
While many firms claim to adhere to a recognised framework – ISO27001, PCI DSS, NIST, Cyber Essentials – in reality you need to blend a variety of these concepts to deliver policies, standards and processes that are unique to your business.
Our team will work with your key stakeholders to create a governance programme that drives cyber security and information assurance behaviours throughout your business, promoting good practice and achieving more than the sum of the parts.
We will help you implement globally accepted controls frameworks such as ISO 27001 and PCI DSS. Implementing any of these frameworks requires a systematic approach: analysing the key risk areas, identifying and documenting the controls, and then monitoring and measuring compliance.
We offer the following services as part of the Risk Management and Compliance service suite:
ISO/IEC 27001 Information Security Standard
PCI DSS - Payment Card Industry Data Security Standard
Our ISO/IEC 27001 Service Offering
The ISO 27001 Information Security Standard provides a structured framework for the implementation of an Information Security Management System (ISMS) within your organisation.
We provide ISO 27001 compliance and pre-certification audit services.
Our team consists of experienced ISO 27001-certified lead auditors and implementation experts, with the right blend of technical and business process know-how, providing a balanced approach to the entire exercise.
Our ISO 27001 compliance approach starts with a risk assessment exercise that follows the activities below:
Review information security policy and security architecture to advise on and agree scope of the Information Security Management System (ISMS)
Agree on Statement of Applicability (SoA)
Review controls (interview, observation, inspection)
Information security management status report and findings
Final report with recommendations for improvement and options for implementation of ISO 27001.
Implement the recommendations to bridge the identified gaps
Our PCI DSS Service Offering
The Payment Card Industry (PCI) consists of all the organisations that store, process and transmit cardholder data. PCI covers debit, credit, prepaid, e-purse, ATM and POS cards and the associated businesses.
The PCI Data Security Standard (DSS) is jointly released by the card companies and is aimed at protecting cardholder data. The standard requires members, merchants and service providers that use credit card facilities to carry out regular PCI scans and PCI security audits after achieving compliance.
The PCI DSS version 3.2 is comprised of six control objectives, which in turn contain twelve specific controls as outlined below:
Build and Maintain a Secure Network and Systems
1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
5. Protect all systems against malware and regularly update anti-virus software or programs
6. Develop and maintain secure systems and applications
Implement Strong Access Control Measures
7. Restrict access to cardholder data by business need to know
8. Identify and authenticate access to system components
9. Restrict physical access to cardholder data
Regularly Monitor and Test Networks
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
Maintain an Information Security Policy
12. Maintain a policy that addresses information security for all personnel
We provide complete PCI DSS consultancy services, from planning and design through implementation to accreditation, including PCI DSS Qualified Security Assessor (QSA) services.