There are numerous compliance and regulatory requirements covering various governance, technical and human information security issues. Some, like ISO27001:2005, are security management-centred. Others put a heavier emphasis on technology. For example, PCI DSS concentrates on safeguards and controls protecting cardholder data. Finance-oriented compliance, such as Sarbanes-Oxley, Basel II, FSA (see FSA Annex 2), and the upcoming insurance Solvency II, requires thorough internal audits and strong audit trail security. Solvency II also emphasises risk management and the operational effectiveness of key systems used to capture, process, and report data. For companies and organisations that operate on the US market, FISMA and HIPAA can be critical.
Purely technical aspects of information security must be fully supported and reinforced by appropriate managerial procedures and controls. These procedures and controls, as well as all the actual countermeasures and their use, must be thoroughly documented. Our consultants can offer qualified assistance in solving a variety of information security management and technical issues, helping you meet specific compliance and regulatory demands.
Arhont can help you to plan, implement and verify highly effective data and systems monitoring, control and auditing mechanisms, organise necessary information security training and awareness courses, execute compliance-centric security reviews, and prepare all needed documentation including security policies, guidelines, procedures, standards and manuals. We can also provide regular security audits tailored to satisfy any particular compliance needs your company or organisation is facing.
Unlike many of our competitors, Arhont always champions a balanced and unified, yet highly individual, approach to information security processes and systems, one that cares equally about the technical, management, operational and legal elements of information security. We have long-standing experience in assisting companies with various compliance and certification issues, running training courses that range from purely technical (e.g. on IT infrastructure and wireless security, or hands-on security assessments) to security management areas, creating all corporate information security documentation from scratch, and providing other ISMS-oriented services. With us, there is no separate “security for the sake of security and compliance for the sake of being compliant”. Both matters will go hand in hand in perfect harmony.
- Valuable assistance in obtaining necessary industry or governmental standard certificates and accreditations
- Complete integration of technical, management and legal elements of data and systems protection
- Thorough professional analysis, discovery and elimination of compliance-relevant flaws, weaknesses and gaps
- Determining minimal information security baselines and defining effective management and technical measures to ensure that these baselines are maintained
- Creating, auditing and updating security policies and guidelines in strict accordance with your business operations structure, security needs, compliance, regulatory and legal demands
- Exhaustive documentation of all processes, procedures, schematics, and other elements of corporate information security systems, and verification and correction of all existing security documentation
- Bespoke information security training for your personnel, covering the specific areas you deem most important in your current situation