Security Compliance

Compliance with external standards such as PCI and ISO 27001 is a top priority for many organizations. For some it is driven by the requirement to conform to industry or legislative regulations and is effectively a license to trade. For others it provides demonstrable assurance of information and data handling processes to gain significant competitive advantage in the marketplace.

ISO 27001

Becoming certified to the ISO 27001 standard demonstrates to customers, auditors and other third parties that you are serious about managing information security. Whether you are using the standard as a guideline, working towards certification or already certified, we can provide expert assistance in a number of ways.

Gap Analysis

Compare and document your current management system with the requirements of the standard.

Risk Assessment

Taking a pragmatic approach to assessing the risks to your key information assets.

Developing Policies and Procedures

Practical and brief enough to be useable but robust enough to allow you to effectively control data and information security.

Internal Audit

Aimed mainly at organisations that are already certified and need assistance with the internal audit workload, or that would benefit from a fresh pair of eyes.

Certification Preparation

Providing experience to help you through the certification project and final audit.

Management review

Review of internal and external audit, incident records and updated risk assessment to help you ensure continual improvement of your ISMS.

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements developed to reduce credit card fraud and increase data security. This industry standard affects every company that deals with (stores, processes or transmits) card payment transactions. The PCI DSS requires companies to:

– Protect Cardholder Data
– Maintain a Vulnerability Management Program
– Implement Strong Access Control Measures
– Regularly Monitor and Test Networks
– Maintain an Information Security Policy

Krypsys has access to some of the best PCI DSS QSAs (Qualified Security Assessors) in the UK, who can undertake PCI compliance audits in addition to assisting organisations to gain and maintain compliance with the standard. It is important to remember, however, that information security is a broad discipline and access to a wider skill set is very important when seeking to accomplish and maintain standards in complex environments. To achieve this, Krypsys is able to draw on expert consulting across a range of technical, governance, auditing, and project management competencies.

Please contact us for details of our security compliance services.
