Compliance & Consulting

Compliance with standards has always been a cornerstone for organizational and enterprise security. Taking into consideration the current demanding security environment, SpearIT offers you complete compliance services regarding various information security and trust services standards.

Our method breaks down into five major phases:

  1. Gap Analysis & Implementation
  2. Training
  3. Pre-Certification Internal Audit
  4. Accredited Body Certification
  5. Continuous Coaching

Our long-standing expertise in implementing and auditing Information Security Management Systems lets us guide you smartly in choosing the appropriate implementation and provide you with extra consultancy in various areas.

Gap Analysis & Implementation

The appropriate documentation, including policies, procedures, manuals and forms, is implemented according to the needs of your organizational and operational environment.

They are designed in a smart way to minimize the administrative effort and stay maintainable throughout the years.

Training

Your employees are trained by SpearIT in order to become familiar with the newly developed system. The training is organized and carried out by SpearIT's instructors, targeting the various organizational departments (executives, marketing, sales, technical, administrative).

The final goal is for everyone to become familiar with the "new way" your company will operate, which will probably affect the way various employees operate. Always keep in mind that it is the management system that should work for you and not the opposite!

Internal Audit

A pre-certification audit is carried out by SpearIT staff specialized in auditing procedures. The goal of this process is to simulate the final certification, in order to detect and correct any non-conformances but also to make your company's employees feel a little more relaxed as they witness a real auditing scenario where they are actually asked for various evidence. This way, they become more confident during the final auditing procedure by the accredited certification body.

Accredited Body Certification

A date for the official audit process is scheduled, which is carried out by an accredited certification body.

Certified auditors will visit your company's location and perform various inspections regarding the documentation and the implementation. That means that they will look for evidence (logs, signed forms, e-mails, screenshots) or existing controls (access-control on critical areas, HVAC, fire extinguishers, availability of equipment) which prove that proper implementation of the procedures is taking place.

Upon completion of the inspection, which usually lasts a couple of days, the certification body approves your certification or informs you about additional actions you shall carry out in order to become fully compliant.

Continuous Coaching

SpearIT continuously oversees your compliance status by:

  • performing recurring internal audits (an annual internal audit is a requirement in many standards)
  • performing validation and assessment actions (vulnerability scans, penetration tests, business impact assessments, breach attack simulation)
  • consulting with key personnel regarding maintenance and improvement of your management system
  • proposing controls and ways to handle incidents or improve the efficiency of your asset management, patch management, etc.
