Information system security is a major challenge for companies and institutions and is an integral part of their organization.
Nowadays, it is important to protect information but also its transfer through the Information System. In addition, the security of the Information System must allow secure access to data.
One of the challenges for a State or a company is recognizing and taking into account the vulnerabilities of its Information System. The direct consequence is the implementation of a policy related to the Information System and its security.
What we offer
To guarantee this security, we can offer you:
- A security analysis
- A risk analysis
- An ISO gap
- A GDPR gap
- An ISO implementation
- GDPR compliance
- An IT continuity plan
- A disaster recovery plan
Security Analysis - Risk Analysis - Gap ISO 27001/22301 - GDPR - ISO Implementation
Security analysis is a diagnosis of the risk factors to which an organization exposes its information system.
It corresponds to an inventory of the IS, a mapping of its current state, in order to identify the security rules in force (physical and digital IS security), to identify shortcomings and areas for improvement, and to list recommendations according to the company, its activities and its investment capacity.
Risk Analysis is a process used to understand the nature of the hazards and to determine the level of risk of the company.
This risk analysis then determines recommendations to be implemented and proposes an associated action plan.
This risk analysis examines all potential risk areas with the aim of assessing:
- The technical context and the specific target IT environment,
- Business imperatives and their consequences on the information system,
- The strengths and weaknesses of the IS implemented, administered and used,
- Operational and organizational strengths and weaknesses,
- Identification of areas of progress based on associated best practices
Gap ISO 27001/22301
The ISO Gap is a gap analysis against the requirements of the ISO 27001 standard and/or others.
This analysis makes it possible to identify deviations from the standard and determine mandatory compliance requirements.
ISO 27001 is a standard related to the information security management system (ISMS). It is an international reference framework of security practices, comparable to NIST SP-800. This standard helps organizations improve their security, comply with cyber security regulations and protect and improve their reputation.
The ISO 22301 standard makes it possible to understand and prioritize the threats facing the company.
It specifies the requirements of a management system to protect the company from disruptive incidents, reduce their probability and ensure recovery. This certification allows you to anticipate and improve the resilience of your organization.
Fire, cyber attacks, disruption of the telephone network… a disaster can quickly jeopardize an organization and its relationships with its customers.
What we do:
- Carrying out an IS security inventory
- Analysis and evaluation of security measures already in place
- Implementation of a guidance plan and recommendations to improve the security policy
- Risk analysis to identify the different risks involved
- Business case
(GDPR: General Data Protection Regulation)
This is a gap analysis and compliance analysis against the provisions of the General Data Protection Regulation (EU), which entered into force on 25/05/2018.
This makes it possible to verify the compliance of the organization and its information system with the requirements of the Regulation, to identify gaps and areas for improvement, to highlight strengths and to establish a provisional action plan.
Objective: to establish a real risk mapping and a precise mapping between the processing operations carried out and the solutions involved.
What we can do for you:
- Analysis of your Information System
We assess the gap between your current organization and the requirements of the GDPR. We will then be able to determine the size of the challenge in front of you.
- Assistance with compliance
We provide you with turnkey, personalised support in order to comply with the new European regulation on the protection of personal data.
- Provision of a DPO (Data Protection Officer)
We provide you with a Data Protection Officer who will be the true leader of data protection compliance.
This is an operation to comply with the requirements of an ISO-type standard.
Its objective is to set up the compliance of the organization and its information system with the requirements of the standard, in order to fill in the gaps and propose areas for improvement. Then a continuous improvement plan is established as well as a certification path project.
BUSINESS CONTINUITY PLAN (BCP)
Nowadays, companies are very dependent on their information systems.
The business continuity plan defines a concept, a procedure and above all the document that describes it. It allows a company to operate even in the event of a disaster or major crisis.
The Disaster Recovery Plan
A disaster recovery plan (DRP) is a set of procedures (technical, organizational, security) that allows a company to anticipate, rebuild and restart an information system in the event of a major disaster or critical incident.
What we offer you:
We support you in the implementation of a security policy adapted to your structure,
Designing Information System Security according to the activity, the context, the business environment, the assets to be protected with a short and medium term vision to anticipate evolutions.
We analyse your risks, we define the level of security of your information system to identify areas for improvement and define investments.
INVENTORY
We carry out an IS security inventory.
We help you in your GDPR compliance.
Analysis and evaluation of security measures already in place
We implement a document and a policy plan as well as recommendations to improve the security policy.
ISO 27001/22301 NORMATIVE AUDIT
We identify the strengths and weaknesses of your IS to propose short, medium and long-term solutions.