IT Compliance

Compliance with standards has always been a cornerstone for organizational and enterprise security. Taking into consideration the current demanding security environment, SpearIT offers you complete compliance services regarding various information security and trust services standards.

Our method breaks down into five major phases:

  1. Implementation
  2. Training
  3. Pre-Certification Internal Audit
  4. Accredited Body Certification
  5. Continuous Coaching

Our long-standing expertise in implementing and auditing Information Security Management Systems lets us guide you in choosing the appropriate implementation and provide you with extra consultancy in various areas.


The appropriate documentation, including policies, procedures, manuals and forms, is implemented according to the needs of your organizational and operational environment.

They are designed in a smart way to minimize the administrative effort and stay maintainable throughout the years.



Your employees are trained by SpearIT in order to become familiar with the newly developed system. The training is organized and carried out by SpearIT's instructors, targeting the various organizational departments (executives, marketing, sales, technical, administrative).

The final goal is for everyone to become familiar with the "new way" your company will operate, which will probably affect the way various employees operate. Always keep in mind that it is the management system that should work for you and not the opposite!

Internal Audit

A pre-certification audit is carried out by SpearIT staff specialized in auditing procedures. The goal of this process is to simulate the final certification, in order to detect and correct any non-conformances, but also to make your company's employees feel a little more relaxed as they witness a real auditing scenario where they are actually asked for various evidence. This way, they become more confident during the final auditing procedure by the accredited certification body.


Accredited Body Certification

A date for the official audit process is scheduled, which is carried out by an accredited certification body.

Certified auditors will visit your company's location and perform various inspections regarding the documentation and the implementation. That means that they will look for evidence (logs, signed forms, e-mails, screenshots) or existing controls (access-control on critical areas, HVAC, fire extinguishers, availability of equipment) which prove that proper implementation of the procedures is taking place.

Upon completion of the inspection, which usually lasts a couple of days, the certification body approves your certification or informs you about additional actions you shall carry out in order to become fully compliant.

Continuous Coaching

SpearIT continuously oversees your compliance status by:

  • performing recurring internal audits (an annual internal audit is a requirement in many standards)
  • performing validation and assessment actions (vulnerability scans, penetration tests, business impact assessments, breach attack simulation)
  • consulting with key personnel regarding maintenance and improvement of your management system
  • proposing controls and ways to handle incidents or improve the efficiency of your asset management, patch management, etc.


