
Enterprise Risk and Compliance Services

What is Enterprise Risk and Compliance Services?

ISO 27002 (formerly ISO 17799) was published by the International Organization for Standardization (ISO) and offers a set of best practices for information security controls. Intended to assist all organizations (commercial, governmental or nonprofit) in managing information security, it comprises twelve security clauses containing 39 security categories and hundreds of control objectives overall. Technically identical to ISO 17799, it was renumbered to 27002 in 2007 to conform to the ISO 27000 family numbering scheme.

The best practices offered by ISO 27002 are guidelines that address initiating, implementing, maintaining and enhancing the security objectives and controls within an organization’s information security program. An organization’s risk assessments provide necessary context for actual security control selection.

Objective of Enterprise Risk and Compliance Services

The ISO 27002 assessment is designed to understand and review your current information security as it relates to the controls outlined in the ISO standard, tailored to your organization. We can provide you with a comprehensive assessment of your current environment, analyze the results, identify gaps, and supply recommendations. It is vital that an organization recognize its readiness and understand its security risks. Bringing risk to an acceptable and controllable level allows you to mitigate those risks and run an effective security program.

  • Analyze your current status through review of policies, procedures, strategies, and functions and perform interviews with staff
  • Perform a gap analysis: analyze results, document gaps and vulnerabilities, and present objective recommendations
  • Prepare an executive summary report outlining scope, approach, findings, and recommendations

Enterprise Risk and Compliance Services Methodology

  • Assess information risks to discover gaps in existing policies and procedures to help identify requirements and improve information risk management. This lets administrators rapidly identify and assess the effectiveness of internal controls in an IT Governance relevant context.
  • Apply scalable, flexible controls mapped to IT governance and security frameworks. Controls that satisfy multiple compliance regulations eliminate redundant controls, policies and procedures, as well as duplicated effort in application- or system-specific controls, letting you optimize corporate IT investments.
  • Proactively enforce policy in real time by monitoring, detecting, preventing and reporting policy violations that risk the confidentiality, integrity and availability of regulated information.
  • Remediate policy violations automatically or interactively, and handle policy exceptions automatically to demonstrate full compliance management and rapid intervention.
  • Assess compliance in real time with reporting and dashboards to demonstrate effective compliance oversight.
  • Log administration activity through a central audit point, thus meeting separation-of-duties requirements for security monitoring.

Benefits of Enterprise Risk and Compliance Services

  • Understand current security vulnerabilities
  • Protect assets against risk
  • Improve security
  • Increase customer satisfaction
  • Increase competitive edge
  • Recommendations documented
  • Delivered solutions by experienced, technical experts using proven methods

How can DQS help your compliance efforts?

We can help you in three different ways depending on your need, involvement, time, available IT resources and budget.

OPTION 1: If you are in a hurry to complete ISO 27002 or ISO 17799 compliance and do not have internal resources to devote fully to this project, we can complete the project for you independently. The only involvement required on your side is providing information about your infrastructure, policies and processes.

OPTION 2: If you have internal staff members who can fully devote their time and ISO 27002 or ISO 17799 compliance knowledge to this project but do not know the methodology, we will provide a project manager to work with your team and help complete the compliance project.

OPTION 3: If you have all the necessary resources for an ISO 27002 or ISO 17799 compliance project but need to save time on documentation, you can use our ISO 27002 or ISO 17799 compliance template documents. These templates ensure that you gather all the required information before starting the project. The findings and recommendations will be mapped to the ISO 27002 or ISO 17799 compliance requirements.

OPTION 4: Our assessment methodology is Plan, Audit, Execute and Manage.

Contact us

Please feel free to contact us. We are looking forward to hearing from you!

Rajendra Khare
MD
DQS Certification India Private Limited

Mobile: +91-9810268573
Phone:  +91-11-27025910
e-mail: rkhare@dqsindia.com

Please note: Email is the preferred mode of communication.

Above article is licensed under the GNU Free Documentation License. It uses material from the Wikipedia article "Occupational Safety and Health Administration" and http://www.osha.gov/.
