ISO 27001 – PCI DSS – IT Audits
ISO 22301 – ISO 37001 – ISO 9001
We can help with Business Continuity Planning, Data Retention, Incident Response, Risk management, Data Pipelines, etc.
Let us work with you.
We have implemented ISO 27001 for more than 50 companies around the world.
The Implementation of ISO 27001 takes us an average of 6 months [Min:5 months – Max:12 months].
We have implemented PCI DSS for 3 companies, and they all passed.
The Implementation of PCI DSS takes us an average of 6 months [Min:3 months – Max:12 months].
We have conducted more than 20 IT audits.
An IT audit takes us on average 20 Days [Min:15 Days – Max:60 Days].
Our team’s certifications:
CISSP, CEH, OSCP, CISA, CSM, CCNA Routing, CCNA Security, ISO/IEC 27001 Lead Auditor, ISO/IEC 27001 Lead Implementer,
ISO 31000 Risk Manager, ISO/IEC 27032 Lead Cyber Security Manager, ISO/IEC 27034 Lead Auditor,
PECB Lead Forensic Examiner, PECB Lead Penetration Tester, VMWARE Data Center Virt
ISO 27001 Process
- Agree on audit scope and objectives
- Audit on-site
- Presentation of the report
2- Organization of ISMS
- Development of information security policy
- Definition of organizational functions, roles, responsibilities and authorities
- Definition and regulation of information risk management process
- Definition and regulation of internal audit, management review, monitoring, measurement, analysis, evaluation, non-conformity and corrective action processes
3- Organization of risk management process
- Inventory and asset description
- Determine the criticality of assets
- Asset register development
- Information security risk assessment
- Information security risk treatment
4- Implementation of the ISMS processes
- Development of normative documentation to support the processes of the ISMS
PCI DSS Process
1- Defining the scope and developing PCI DSS documentation
- Determining the scope of PCI DSS standard
- Providing recommendations on the organization and construction of an information system in accordance with PCI DSS standard requirements
- Developing the necessary top-level management documentation (policy) for managing IT / IS processes in accordance with PCI DSS standard
2- Implementing information security processes to ensure compliance with PCI DSS requirements
- Implementing IT / IS processes to meet the requirements of PCI DSS standard
- Risk assessment
- Development of mid-level documentation for managing IT / IS processes
- Conducting staff training for PCI DSS requirements
3- Periodic technical activities according to the PCI DSS standard
- Wi-Fi Network Scan – quarterly
- Network segmentation test – twice a year
- Internal Vulnerability Scanning – quarterly
- External ASV Vulnerability Scan – quarterly
- Internal review of compliance with the requirements of PCI DSS – quarterly
4- Security assessment (conducting a penetration test) of an information system within the scope of the PCI DSS standard
- External penetration test – once a year
- Internal penetration test – once a year
- Vulnerability assessment and attack modeling on Wi-Fi – once a year