COMPLIANCE AND STANDARDS

Over the past decade, we have seen a significant increase in the number of regulations and standards related to cybersecurity. While some industries are more regulated than others, public awareness of data security has led to companies in all industries being required to demonstrate compliance with one or more standards.

In the past, this was often seen as a mandatory "check the box" exercise. Today, compliance can instead be a lever to strengthen your cybersecurity strategy.

With an approach adapted to your company's culture, our consultants will help you achieve compliance. We can benchmark your company's level of compliance against other similar companies. We can work with your team to develop internal written policies and procedures, conduct audits and formulate a communication and training plan.

GENERAL DATA PROTECTION REGULATION (GDPR)
Acensi offers a range of advisory and monitoring services to help you comply with the GDPR. These range from gap analysis, improvement planning and governance to producing the required set of documents and providing a DPO as a service.

The key to an effective GDPR compliance program is understanding what data you hold. Before your company begins to identify and locate its sensitive data, an asset discovery exercise helps to locate all devices and create an inventory. Visibility is key, and having technology in place to effectively identify data and its location is an important part of a successful data discovery exercise.

We offer data classification solutions to educate your employees about the value and sensitivity of the information they handle, working with you to ensure that your classifications integrate with your security policies and that sensitive data is easily searched, identified and retrieved if necessary.

Acensi can help you determine how your critical data is handled, enabling you to monitor, manage and control that data and, using behavioral analysis and machine learning, reduce the risk of a data breach or data leakage within your organization.

EU DIRECTIVE ON NETWORK SECURITY AND INFORMATION SYSTEMS (NIS DIRECTIVE)
The EU Directive on the Security of Networks and Information Systems (the NIS Directive) is the first piece of European cyber security legislation. The NIS Directive applies to essential service operators (ESOs) that are established in the EU and to digital service providers (DSPs) that offer services to individuals within the EU. An ESO is an operator that provides an essential service to society and the economy, for example energy or water suppliers.

By May 2018, France and all other EU Member States had to transpose the Directive into national law, and by November 2018 they had to identify the ESOs and DSPs to which it applies.

Acensi can work with you to identify gaps in your current IS regime and develop an IS improvement plan to meet the high-level security principles of the NIS Directive. Our service offers:

Visibility: gain an understanding of NIS risks, challenges and threats.
Control: improve and create NIS controls to better mitigate and remediate threats.
Focus: direct security resources and budgets to improve NIS security coverage and enhance return on investment.

ISO 27001:2013
ISO 27001 compliance or certification demonstrates that an organization is following information security best-practice guidelines, which are measured by continuous analysis, evaluation and rigorous reviews of the security policy.

The benefits of achieving or conforming to ISO 27001 include:

The ability to demonstrate to customers that your organization is committed to security, frequently avoiding the need for independent second-party security audits or questionnaires.
A competitive advantage, by validating that you are a trusted organization.
The ability to respond and recover more quickly in the event of a breach.
Robust business continuity and disaster recovery planning.
Visibility that lets you target resources economically: people, skills, budget and time.
Demonstrable accountability for information security under audit conditions.

Customers and third-party organizations are increasingly demanding that organizations demonstrate that they are implementing robust information security; the standard is a reliable indication that good policies, procedures and technical controls are implemented and reviewed regularly.

We have been working with ISO 27001 since 2005 and have a proven track record of successfully guiding our clients to compliance or certification through our pragmatic and expert consultants.