Information Security auditing
Is your company fully secured?
Are you looking to obtain a certification like ISO27000 or PCI-DSS?
Want a second opinion on your security program before asking a certification auditor to have an official look at it?
We can give you that opinion, along with the benefit of two decades of experience, to help you reach the level required.
Implementing standards requirements is the wrong approach
Both the ISO27000 and PCI-DSS standards documents have a large list of requirements, controls or frameworks your company needs to adhere to before you can get certified. However, only looking at those lists of controls and seeing where you can implement them in your company is looking at it from the wrong perspective.
Think about it in a different way: would a plane builder design a new model of plane purely by designing its parts and structure to meet the specifications, or would they design a plane to fly comfortably and safely and, during the process, keep the regulations and requirements in mind?
We believe the second approach should also hold for designing and executing your security program.
With that philosophy in mind, we will audit your company from the perspective of evaluating your security program's effectiveness for your specific business, company size and structure.
When we are satisfied it fits the bill, only then are we going to see if and how it fits the requirements for your chosen security certification.
In almost all cases, you can make the security standard requirements fit your security program whilst at the same time delivering optimal protection and business enablement for your company.
Want to find out more? Then contact us today to find out how we can help your business tomorrow.
More interested in our consultancy offers, or want help with setting up an effective security program? Have a look at our information security consultancy services.