We provide consulting, legal support, compliance (ISO 27001, PCI-DSS, ISO 22301, GDPR, SOX, HIPAA) and internal policy (auditing and consulting to implement internet policies) services.
- Conduct a gap analysis between the current situation and the standard's requirements
- Conduct a maturity assessment of the organization analysed
- Identification of the standard's principles
- Assistance in defining an action plan to comply with the standard
- Assistance in choosing the certification perimeter based on business issues
- Compliance with the certification standard
See-Secure compliance service provides consultancy and guidance through the process.
The general approach of this project will involve several key activities, to be carried out by a team of security and privacy specialists:
Phase 1 – Identification
- Identify, document and confirm all business processes and IT assets.
- Identify and document all Private Data instances in all sources and locations in the environments associated with the business processes and IT assets.
- Document all entities involved for each process (e.g. process owner, business owners, department)
- Map interfaces to other processes in the business.
- Personal Data Process and Asset chart.
Produce a Private-Data Asset and Process Inventory
- Create a formal register of Private-Data, for each underlying IT system and overlaying process.
- Organizational Processes and Assets inventory, inclusive of the data mapping elements: Physical/Logical Location of each data instance, Data Owner, Data Flow (input and output routes), Access Control, Replication and more.
Phase 2 – Compliance Assessment and Implementation
- Based on the Data Mapping, evaluate existing and missing regulation controls and compliance objectives
- Determine overall posture against regulation
- Regulation Compliance report, including the following elements:
  - Executive Summary
  - Existing/missing compliance regulation processes and controls
  - A quantitative figure representing the posture attained
  - Remediation and Recommendations
- Provide an account of how compliance can be achieved
- Mitigation factors required to facilitate compliance
- Continuously track and monitor compliance process activities
- Perform a periodic compliance progress assessment
- Updated Compliance report