At the time of writing, ISO27001:2013 is the only auditable international standard that defines the requirements for an Information Security Management System (ISMS). Achieving compliance with the requirements of ISO27001 demonstrates the organization's commitment to managing information security risks while at the same time reducing the cost of information security incidents and improving compliance with legal, regulatory and contractual requirements. It is a milestone for all those organizations that want to be perceived as highly professional and security oriented.

Why Silensec?

We have been working hands-on with ISO27001 since 2004, when it was still a British standard (BS7799-2). Since then, we have collaborated with the British Standards Institution (BSI) and co-authored the first ISO27001 Lead Implementer training and certification offered worldwide.

Our consultants can help your company in every aspect of ISO27001 compliance, advising on everything from scope definition and policy writing up to the development of security awareness training. Moreover, we can provide our clients with the following services:

  • Gap Analysis
  • Risk Management
  • Selection of Security Controls
  • Policies and procedures review
  • Security Awareness Training
  • Development of key information security processes
  • Management of the third party certification process


ISO22301 is the international standard defining the requirements for the development of a Business Continuity Management System (BCMS). As with any other standard, the interpretation of its requirements and their subsequent implementation are the responsibility of the organization wishing to comply with the standard. Unlike other processes, business continuity is the one which, by definition, has the highest impact on the business and is therefore the most sensitive to oversights and mistakes by the organization. The inability to correctly interpret and meet the ISO22301 requirements can be quite costly for an organization in terms of the time needed to reach compliance, but first and foremost in terms of the business impact.

Silensec can help an organization achieve compliance with ISO22301 by helping the organization in:

  • Defining a suitable scope of compliance
  • Managing all development phases of the BCMS
  • Assisting in building the BCMS organizational culture
  • Liaising with the Certification Body and managing the ISO22301 Certification process


Compared to other security standards such as ISO27001, PCI DSS is often considered a prescriptive standard because of its list of mandatory controls which an organization has to implement. Unfortunately, “ticking” the compliance box for any given control does not necessarily mean the control is effective or that information is securely managed. Achieving compliance with PCI DSS requires a diverse set of competences beyond just the ability to implement security controls. An organization must be able to minimize information exposure and opportunities for a breach through network and system re-design, process re-engineering, and the selection and deployment of complex technologies. Most organizations engage directly with a PCI DSS QSA and go through a repeated set of audits until they “get it right”. Unfortunately, such an approach leaves the organization with little or no guidance towards achieving compliance with PCI DSS and usually results in a long and costly certification process.

Silensec can help an organization achieve compliance with PCI DSS by helping the organization in:

  • Defining a suitable scope of compliance
  • Managing the implementation of security controls
  • Assisting in the development of security processes
  • Assisting in the selection and deployment of advanced technologies
  • Liaising with the QSA and managing the PCI DSS Certification process

Silensec Africa

Silensec UK

Feel free to contact us if you have any problems.