Information Security Compliance Services

Cyber Security Compliance Services

Information and cyber security compliance services help organisations to mitigate business risks by measuring, uplifting, and adhering to specific frameworks. Processing or holding organisational and/or customer data, may require you to adhere to one or more specific standards due to legislative requirements, contractual obligations, or to prove a level of information security to customers and third parties.

As well as having security cleared personnel, Security Centric assessors are able to assist with the following standards and frameworks: ISO 27001 & 27017, IRAP ISM, PCI DSS, Privacy Act, NIST, GDPR, APRA, ASIC, NSW DISP.

iso-27001-logo

ISO 27001

The ISO 27001 Information Security Management is a globally recognised standard, providing a framework that dictates an Information Security Management System (ISMS) to which organisations adopt. While organisations may have adopted certain security measures to protect their informational assets, these can be unstructured, reactive, and based on identified threats at a point in time. ISO 27001 sets a series of mandated processes and controls that encompass the organisations’ information security holistically; it is not only related to IT teams and systems, but physical security, business continuity planning and non-IT informational assets.

While certification is not obligatory, achieving ISO 27001 certification signals that your business takes information security seriously, and has adopted best practices surrounding access controls, documentation, auditing and has put processes in place to protect both your organisations’ and its customers’ data. Certification builds an element of trust with your stakeholders and customers, giving them confidence that any sensitive data is securely stored and accessed.

Current State

Security Centric’s Lead Auditors have a wealth of experience in assessing the current state of your organisation’s ISMS. As the critical set of documentation, your ISMS will be reviewed to ensure it is complete, or to discover areas of weakness and any gaps that may exist. If your organisation has yet to develop an ISMS, we can assist in creating the first iteration of your documentation based on a thorough assessment of your organisation’s security controls and processes.

Fasttrack to Compliant

The process of gaining ISO 27001 certification is not a short one, and in fact can take some large organisations several years. The actual time to final certification however varies based on two key variables; your organisations current state and the efficiency of implementing required controls. Our ISO 27001 Lead Implementors have performed extensive implementation plans and have the experience to fast track your organisation towards compliance.

Maintain

The ISO 27001 certification is not awarded statically. Organisations must allow for regular follow up audits and maintenance checks to ensure compliancy is maintained. As a certified assessor and certificate issuer, Security Centric can perform regular audits to ensure your organisation remains compliant.

pci-dss-logo

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) are a series of standards mandated to organisations that handle credit card information, ensuring their networks are secure and cardholder data is protected, ultimately reducing credit card fraud.

No matter the size of your business, from SMEs, eCommerce websites to international enterprise, if you deal with payment card information you must comply with PCI DSS. Failure to comply can result in fines, or the removal of card processing capabilities.

We can guide your organisation through understanding the compliance requirements of PCI DSS, utilising an approved scanning vendor (ASV) to find weaknesses resulting in non-compliance, and provide technical expertise to remediate.
IRAP-Logo-300x200

IRAP/ISM

The Australian Government Information Security Manual (ISM) is cyber security framework organisations can use to assess, remediate, and protect their data and networks. Its use is mandatory for all Australian government agencies and is increasingly becoming a requirement for commercial organisations that conduct business with the Australian Government, including Defence. Organisations can self-assess against the ISM at any time, though official certification can only be gained through an assessment by an endorsed IRAP assessor such as Security Centric.

Endorsed IRAP assessors are qualified to assess an organisation against the ISM, identifying gaps within your system security, and quantifying the risk of vulnerability. Security Centric have expert assessors who can help every step of the way, from auditing, to remediation, and final IRAP certification, helping turn a very resource intensive assessment into something much more efficient.

ACSC Essential Eight

The Essential Eight is a series of baseline mitigation strategies taken from the Strategies to Mitigate Cyber Security Incidents recommended for organisations by the Australian Government.  Implementing these strategies as a minimum makes it much harder for adversaries to compromise systems.

Once the initial review has been completed and technical assessments have commenced, we will assess the overall security maturity by evaluating the security policies and controls against the PSPF and ACSC’s Strategies to Mitigate Cyber Security Incidents, aligned with the Essential Eight Maturity Model.

Read more about our ACSC Essential Eight Assessment Service here

Privacy Act

The Privacy Act, and its 13 Australian Privacy Principles, ensures that organisations collect, store and process personal information in a way that protects the privacy of clients. While limited exceptions apply, it is otherwise mandatory for organisations that collect personal and sensitive information, including health information, to comply with the Privacy Act.

Understanding what personal and sensitive information your organisation collects is the first step to ensuring compliance with the Privacy Act. Security Centric can help with this discovery, along with providing particular expertise on how, and if this data is transmitted cross-border, and maintaining the confidentiality, integrity and availability of personal information.

APRA CPS 234

The Australian Prudential Regulation Authority (APRA) supervises the banking, insurance, and superannuation industry within Australia. As an organisation in this sector, it is now mandatory to comply with the CPS 234 legislation introduced in 2018 and commencing from July 1, 2019. This regulation mandates that APRA regulated organisations take effective measures to reduce and mitigate the threat of cyber-attacks, commensurate with the ever-expanding vulnerabilities and threats this sector may be exposed to.

Security Centric can assist your organisation in meeting the requirements of CPS 234, performing diagnostic gap analysis to identify potential system weaknesses, quantifying business risk, and configuration of consistent monitoring for construction of an evolving risk profile.

Get Compliant

Have questions about where to start with your compliance needs? Understanding what standards your organisation is required to meet can be confusing. Get in touch to talk to a qualified compliance assessor.