As a custodian of organisational and/or customer data, you may be required to adhere to one or more specific standards due to legislative requirements, contractual obligations, or to prove a level of information security to customers.
Navigating the often-complex compliance landscape can take time and resources away from regular, revenue-generating business activities. Security Centric can instead guide you through the entire process of achieving compliance, drawing on our experience with each of the standards below, ultimately saving your organisation time and money.
ISO 27001 is a globally recognised standard that specifies the requirements for an Information Security Management System (ISMS). Many organisations have already adopted security measures to protect their information assets, but these are often unstructured, reactive, and based on the threats that were known at a single point in time. ISO 27001 instead sets out mandatory management-system processes together with a catalogue of controls (Annex A) that are selected on the basis of a risk assessment, and it covers the organisation's information security holistically: not only IT teams and systems, but also physical security, business continuity planning and non-IT information assets.
While certification is not obligatory, achieving ISO 27001 certification signals that your business takes information security seriously, has adopted recognised practices for access control, documentation and auditing, and has processes in place to protect both your organisation's and its customers' data. Certification builds trust with your stakeholders and customers, giving them confidence that sensitive data is stored and accessed securely.
Security Centric's Lead Auditors have extensive experience in assessing the current state of your organisation's ISMS. Your ISMS, including its policies, risk assessment, Statement of Applicability and supporting records, will be reviewed to confirm it is complete, or to identify areas of weakness and any gaps that exist. If your organisation has yet to develop an ISMS, we can assist in creating the first iteration based on a thorough assessment of your organisation's existing security controls and processes.
Gaining ISO 27001 certification is not a short process, and for some large organisations it can take several years. The actual time to certification depends on two key variables: your organisation's current state, and how efficiently the required controls are implemented. Our ISO 27001 Lead Implementers have delivered extensive implementation plans and have the experience to fast-track your organisation towards compliance.
ISO 27001 certification is not a one-off award. Certificates are issued for a three-year cycle, and organisations must allow for annual surveillance audits and ongoing maintenance of the ISMS to ensure compliance is maintained. As a certified assessor and certificate issuer, Security Centric can perform these regular audits to ensure your organisation remains compliant.
The Payment Card Industry Data Security Standard (PCI DSS) is a standard imposed on organisations that store, process or transmit payment card data, ensuring their networks are secure and cardholder data is protected, with the ultimate goal of reducing card fraud.
No matter the size of your business, from SMEs and eCommerce websites to international enterprises, if you handle payment card information you must comply with PCI DSS. Failure to comply can result in fines, or the removal of your card-processing capability. We can guide your organisation through understanding the compliance requirements of PCI DSS, use an Approved Scanning Vendor (ASV) for the quarterly external vulnerability scans the standard requires and to find weaknesses that would result in non-compliance, and provide the technical expertise to remediate them.
The Australian Government Information Security Manual (ISM) is a cyber security framework organisations can use to assess, remediate and protect their data and networks. Its use is mandatory for Australian government agencies and is increasingly becoming a requirement for commercial organisations that conduct business with the Australian Government, including Defence. Organisations can self-assess against the ISM at any time, but an assessment accepted for government authorisation can only be performed by an IRAP assessor endorsed by the Australian Signals Directorate, such as Security Centric.
Endorsed IRAP assessors are qualified to assess an organisation against the ISM, identifying gaps in your system security and quantifying the risk that each identified vulnerability presents. Security Centric can help at every step, from the initial audit through remediation to the final IRAP assessment, turning a very resource-intensive exercise into something much more efficient.
Once the initial review has been completed and technical assessments have commenced, we assess overall security maturity by evaluating your security policies and controls against the Protective Security Policy Framework (PSPF) and ASD's Strategies to Mitigate Cyber Security Incidents, aligned with the Essential Eight Maturity Model. The strategies assessed include:

| Application Whitelisting | Patch Applications |
| --- | --- |
| User Application Hardening | Configure MS Office Macro Settings |
| Restrict Administrative Privileges | Patch Operating Systems |
The Privacy Act 1988 (Cth), and its 13 Australian Privacy Principles (APPs), requires organisations to collect, store and process personal information in a way that protects the privacy of the individuals concerned. While limited exceptions apply, compliance with the Privacy Act is otherwise mandatory for organisations that collect personal and sensitive information, including health information.
Understanding what personal and sensitive information your organisation collects is the first step to ensuring compliance with the Privacy Act. Security Centric can help with this discovery, provide particular expertise on whether, and how, this data is disclosed across borders, and help you maintain the confidentiality, integrity and availability of personal information.
The Australian Prudential Regulation Authority (APRA) supervises the banking, insurance and superannuation industries within Australia. For organisations in these sectors, compliance with Prudential Standard CPS 234 (Information Security), released in 2018 and in force from 1 July 2019, is mandatory. CPS 234 requires APRA-regulated entities to maintain an information security capability commensurate with the size and extent of the threats to their information assets, so that they can reduce and mitigate the impact of cyber-attacks.
Security Centric can assist your organisation in meeting the requirements of CPS 234 by performing a diagnostic gap analysis to identify potential system weaknesses, quantifying the resulting business risk, and configuring ongoing monitoring so that your risk profile is kept current as threats evolve.
Talk to a qualified compliance assessor today.