Regulation Compliance

We provide consulting, legal support, compliance (ISO 27001, PCI-DSS, ISO 22301, GDPR, SOX, HIPAA) and internal policies (auditing and consulting to implement internet policies) services.

Compliance Review

  • Conduct a gap analysis between the current situation and the standard's requirements
  • Conduct a maturity assessment of the organization analysed

Alignment

  • Identification of standards principles
  • Assistance in defining an action plan to comply with the standard

Certification

  • Assistance in choosing the certification perimeter based on business issues
  • Compliance with the certification standard

See-Secure compliance service provides consultancy and guidance through the process.
The general approach of this project will involve several key activities, to be carried out by a team of security and privacy specialists:

Phase 1 – Identification

Private-Data Mapping

Main objectives:

  • Identify, document and confirm all business processes and IT assets.
  • Identify and document all Private Data instances in all sources and locations in the environments associated with the business processes and IT assets.
  • Document all entities involved for each process (e.g. process owner, business owners, department).
  • Map interfaces to other processes in the business.

Deliverable:

  • Personal Data Process and Asset chart.

Produce a Private-Data Asset and Process Inventory

Main objective:

  • Create a formal register of Private-Data, for each underlying IT system and overlaying process.

Deliverable:

  • Organizational Processes and Assets inventory, inclusive of the data mapping elements: Physical/Logical Location of each data instance, Data Owner, Data Flow (input and output routes), Access Control, Replication and more.

Phase 2 – Compliance Assessment and Implementation

Compliance

Analysis Objectives:

  • Based on the Data Mapping, evaluate existing and missing regulation controls and compliance objectives
  • Determine overall posture against regulation

Deliverable:

  • Regulation Compliance report, including the following elements:
    • Executive Summary
    • Existing/missing compliance regulation processes and controls
    • A quantitative figure representing the compliance posture
  • Remediation and Recommendations
    • Provide an account of how compliance can be achieved
    • Mitigation factors required to facilitate compliance with the regulation

Work-Plan Assessment

Objective:

  • Continuously track and monitor compliance process activities
  • Perform a periodic compliance progress assessment

Deliverable:

  • Updated Compliance report