ISO 27001 – PCI DSS – IT Audits

ISO 22301 – ISO 37001 – ISO 9001

Let us work with you.

We have implemented ISO 27001 for more than 50 companies around the world.

The implementation of ISO 27001 takes us an average of 6 months [Min: 5 months – Max: 12 months].

We have implemented PCI DSS for 3 companies, and they all passed.

The implementation of PCI DSS takes us an average of 6 months [Min: 3 months – Max: 12 months].

We have conducted more than 20 IT audits.

An IT audit takes us on average 20 days [Min: 15 days – Max: 60 days].

Our team's certifications:

CISSP, CEH, OSCP, CISA, CSM, CCNA Routing, CCNA Security, ISO/IEC 27001 Lead Auditor, ISO/IEC 27001 Lead Implementer,
ISO 31000 Risk Manager, ISO/IEC 27032 Lead Cyber Security Manager, ISO/IEC 27034 Lead Auditor,
PECB Lead Forensic Examiner, PECB Lead Penetration Tester, VMWARE Data Center Virt


ISO 27001 Process

1- Diagnostic audit

  • Agree on audit scope and objectives
  • Audit on-site
  • Presentation of the report

2- Organization of ISMS

  • Development of information security policy
  • Definition of organizational functions, roles, responsibilities and authorities
  • Definition and regulation of information risk management process
  • Definition and regulation of internal audit, management review, monitoring, measurement, analysis, evaluation, non-conformity and corrective action processes

3- Organization of risk management process

  • Inventory and asset description
  • Determine the criticality of assets
  • Asset register development
  • Information security risk assessment
  • Information security risk treatment

4- Implementation of the ISMS processes

  • Development of normative documentation to support the processes of the ISMS


PCI DSS Process

1- Defining the scope and developing PCI DSS documentation

  • Determining the scope of the PCI DSS standard
  • Providing recommendations on the organization and construction of an information system in accordance with PCI DSS standard requirements
  • Developing the necessary top-level management documentation (policies) for managing IT / IS processes in accordance with the PCI DSS standard

2- Implementing information security processes to ensure compliance with PCI DSS requirements

  • Implementing IT / IS processes to meet the requirements of the PCI DSS standard
  • Risk assessment
  • Development of mid-level documentation for managing IT / IS processes
  • Conducting staff training for PCI DSS requirements

3- Periodic technical activities according to the PCI DSS standard

  • Wi-Fi Network Scan – quarterly
  • Network segmentation test – twice a year
  • Internal Vulnerability Scanning – quarterly
  • External ASV Vulnerability Scan – quarterly
  • Internal review of compliance with the requirements of PCI DSS – quarterly

4- Security assessment (conducting a penetration test) of an information system within the scope of the PCI DSS standard

  • External penetration test – once a year
  • Internal penetration test – once a year
  • Vulnerability assessment and attack modeling on Wi-Fi – once a year

Want to get a quick quote?

Shoot us an email at __ [email protected] __ or use the form below.