- Information Security Framework (ISO 27001)
Helping build your security strategy
To be truly secure, enterprise-wide, you need the right strategy. This is where an information security framework will help your business:
- Manage and protect information in a consistent and cohesive way
- Showcase management commitment to protect your brand from cyber threats
- Improve the effectiveness and efficiency of your security controls
Having a compliant framework also ensures that information security requirements are aligned with business goals and objectives, and that security is everyone’s responsibility.
To help you, we follow the requirements identified by the ISO 27001 standard, which guide the establishment and implementation of an information security framework.
- PCI-DSS Compliance and Privacy
Do you transmit, store or process credit card information? If so, we provide consultancy services to ensure you comply with the Payment Card Industry Data Security Standard (PCI DSS).
What is PCI DSS?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements imposed on any organisation that stores, transmits or processes credit card information.
We help you comply with PCI DSS requirements through our qualified security assessors. These experienced consultants can assist in developing a strategy to bring your organisation to compliance, and they perform a final assessment to validate compliance.
- Enterprise Security Architecture
Align Information Security to your Business Objectives
Implementing formal enterprise architecture allows your organisation to integrate security and risk into your business objectives. The result is consistency and traceability throughout your organisation.
To help you, we offer certified security architects who assist with planning and implementing the architecture across all layers, from business drivers to operations. If required, we can also provide a full suite of enterprise architecture services.
- Business continuity management
Prepare and Protect your Organisation
Business Continuity Management (BCM) helps you plan, implement and maintain a documented management system to prepare for, respond to and recover from disruptive incidents.
When delivering business continuity management we follow ISO 22301 (the Business Continuity standard) using the following roadmap:
Business Continuity Governance – this sets the strategic direction, allowing management to communicate goals and expectations.
Business Impact Analysis and Risk Assessment – this includes:
- Establishing the context of the assessment, defining the criteria and evaluating the potential impact of a disruptive incident.
- Taking into account legal requirements.
- Providing systematic analysis and prioritising risk treatments.
- Defining the required output from the business impact analysis and risk assessment.
- Putting requirements in place to keep information up to date and confidential.
- Mandatory Data Breach Notification
In relation to the yet-to-be-passed cyber security legislation, we at Spearhead have the technical acumen to provide unequalled advisory services and solutions that help keep your organisation from falling short of the compliance and regulatory requirements that are set.
How we can help you
- Document the PII flow within your organisation
- Understand the effectiveness of the security controls currently in place
- Define a roadmap to improve the effectiveness and efficiency of your security controls
- Help management demonstrate commitment to protecting personal information
- Quantify the level of risk to management and the board