ISO 27001 – PCI DSS – IT Audits
ISO 22301 – ISO 37001 – ISO 9001
Let us work with you.
We have implemented ISO 27001 for more than 50 companies around the world.
The implementation of ISO 27001 takes us an average of 6 months [Min: 5 months – Max: 12 months].
We have implemented PCI DSS for 3 companies, and they all passed.
The implementation of PCI DSS takes us an average of 6 months [Min: 3 months – Max: 12 months].
We have conducted more than 20 IT audits.
An IT audit takes us on average 20 days [Min: 15 days – Max: 60 days].
Our team’s certifications:
CISSP, CEH, OSCP, CISA, CSM, CCNA Routing, CCNA Security, ISO/IEC 27001 Lead Auditor, ISO/IEC 27001 Lead Implementer,
ISO 31000 Risk Manager, ISO/IEC 27032 Lead Cyber Security Manager, ISO/IEC 27034 Lead Auditor,
PECB Lead Forensic Examiner, PECB Lead Penetration Tester, VMWARE Data Center Virt
ISO 27001 Process
- Agree on audit scope and objectives
- Audit on-site
- Presentation of the report
2- Organization of ISMS
- Development of information security policy
- Definition of organizational functions, roles, responsibilities and authorities
- Definition and regulation of information risk management process
- Definition and regulation of internal audit, management review, monitoring, measurement, analysis, evaluation, non-conformity and corrective action processes
3- Organization of risk management process
- Inventory and asset description
- Determine the criticality of assets
- Asset register development
- Information security risk assessment
- Information security risk treatment
4- Implementation of the ISMS processes
- Development of normative documentation to support the processes of the ISMS
PCI DSS Process
1- Defining the scope and developing PCI DSS documentation
- Determining the scope of the PCI DSS standard
- Providing recommendations on the organization and construction of an information system in accordance with the requirements of the PCI DSS standard
- Developing the necessary top-level management documentation (policy) for managing IT / IS processes in accordance with the PCI DSS standard
2- Implementing information security processes to ensure compliance with PCI DSS requirements
- Implementing IT / IS processes to meet the requirements of the PCI DSS standard
- Risk assessment
- Development of mid-level documentation for managing IT / IS processes
- Conducting staff training for PCI DSS requirements
3- Periodic technical activities according to the PCI DSS standard
- Wi-Fi Network Scan – quarterly
- Network segmentation test – twice a year
- Internal Vulnerability Scanning – quarterly
- External ASV Vulnerability Scan – quarterly
- Internal review of compliance with the requirements of PCI DSS – quarterly
4- Security assessment (conducting a penetration test) of an information system within the scope of the PCI DSS standard
- External penetration test – once a year
- Internal penetration test – once a year
- Vulnerability assessment and attack modeling on Wi-Fi – once a year