Governance, Risk and Compliance (GRC)

ISO27001

ISO 27001, formally ISO/IEC 27001:2013, is the auditable international standard that defines the requirements for an information security management system (ISMS). An ISMS is a framework of policies and procedures covering the legal, physical and technical controls that make up an organisation's information risk management process. Achieving compliance with ISO27001 demonstrates the organization's commitment to managing information security risk, and at the same time reduces the cost of information security incidents and improves compliance with legal, regulatory and contractual requirements. Certification is a milestone for organizations that want to be seen to conduct their business processes in a secure and professional manner.

Why Tissec?

Our consultants include ISO 27001 Lead Auditor and Lead Implementer certified professionals who can help your company with every aspect of ISO27001 compliance, from scope definition and policy writing through to the development of security awareness training. We can provide your organization with the following services:

  • Gap Analysis
  • Risk Management
  • Selection of Security Controls
  • Policies and procedures review
  • Security Awareness Training
  • Development of key information security processes
  • Management of the third party certification process

ISO22301

ISO22301 is the international standard that defines the requirements for a Business Continuity Management System (BCMS). As with any other standard, interpreting its requirements and implementing them is the responsibility of the organization seeking compliance. Unlike most other processes, business continuity is by definition the one with the highest impact on the business, and it is therefore the most sensitive to oversights and mistakes. Failing to correctly interpret and meet the ISO22301 requirements can be costly for any organization, in the time needed to reach compliance but first and foremost in the impact on the business when continuity arrangements do not work as intended.

Why Tissec?

Tissec can assist your organization in achieving compliance with the requirements of ISO22301 by:

  • Defining a suitable scope of compliance
  • Managing all development phases of the BCMS
  • Assisting in building a BCMS organizational culture
  • Liaising with the Certification Body and managing the ISO22301 certification process

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements designed to ensure that every company that accepts, processes, stores or transmits credit card information maintains a secure environment.

Compared with other security standards such as ISO27001, PCI DSS is often considered prescriptive because of its list of mandatory controls that an organization has to implement. Unfortunately, "ticking" the compliance box for a given control does not necessarily mean the control is effective, nor that cardholder data is securely managed. Achieving compliance with PCI DSS requires a diverse set of competences beyond the ability to implement security controls: an organization must be able to minimize information exposure and the opportunities for a breach through network and system re-design, process re-engineering, and the selection and deployment of complex technologies. Many organizations engage directly with a PCI DSS QSA and go through a repeated series of audits until they "get it right". Unfortunately, such an approach leaves the organization with little or no guidance on how to reach compliance, and it usually results in a long and costly certification process.

Tissec can help your organization achieve compliance with PCI DSS by:

  • Defining a suitable scope of compliance
  • Managing the implementation of security controls
  • Assisting in the development of security processes
  • Assisting in the selection and deployment of advanced technologies
  • Liaising with the QSA and managing the PCI DSS certification process