Standards Compliance

Compliance with standards has always been a cornerstone for organizational and enterprise security. Taking into consideration the current demanding security environment, SpearIT offers you complete compliance services regarding various informatino security and trust services standards.

Our method breaks down in five major phases:

  1. 1. Implementation
  2. 2. Training
  3. 3. Pre-Certification Internal Audit
  4. 4. Accredited Body Certification
  5. 5. Continuous Coaching

Our perennial expertise in implementing and auditing Information Security Management Systems lets us guide you with a smart way in choosing the appropriate implementation and provide you with extra consultancy in various areas.

Implementation

The appropriate documentation, including policies, procedures, manuals and forms are implemented according to your organizational and operational environment needs.

They are designed in a smart way to minimize the administrational effort and stay maintainable throughout the years.

traceID

Training

You employees are trained by SpearIT in order to become familiar with the newly developed system. The training is organized and carried SpearIT's instructors, targeting the various organizational departments (executives, marketing, sales, technical, administrative).

The final goal is for everyone to become familiar with the "new way" your company will operate, which will probably affect the way various employees operate. Keep always in mind that it is the management system that should work for you and not the opposite!

Internal Audit

A pre-certification audit is carried out by specialized in auditing procedures SpearIT staff. The goal of this process is to simulate the final certification, in order to detect and correct any non-comformacies but also, make your company's employees feel a little more relaxed as they witness a real auditing scenario where they are actually asked for various evidence. This way, they become more confident during the final auditing procedure by the accredited certification body.

SiteSeal
traceID

Accredited Body Certification

A date for the official audit process is scheduled, which is carried out by an accredited certification body.

Certified auditors will visit your company's location and perform various inspections regarding the documentation and the implementation. That means that they will look for evidence (logs, signed forms, e-mails, screenshots) or existing controls (access-control on critical areas, HVAC, fire extinguishers, availability of equipment) which prove that proper implementation of the procedures is taking place.

Upon complete inspection which usually lasts a couple of days, the certification body approves your certification or informs you about additional actions you shall carry out in order to become fully compliant.

Continuous Coaching

SpearIT continuously oversees your compliance status by:

  • performing recurring internal audits (annual internal audit is a requirement an many standards)
  • peforming validation and assessment actions (vulnerability scans, penetration tests, business impact assessments, breach attack simulation)
  • consulting with key personnel regarding maitenance and improvement of your management system
  • proposing controls and ways to handle incidents or improve the efficieny of your asset managemet, patch management, etc.

SiteSeal

Interested in getting certified towards a standard?

Start here!

Latest Blog Posts

The Value of a Penetration Test

In case you are wondering whether a penetration test offers any value to your organization, we have to first of all admit that there are two dimensions in answering this question: executives and technical.
Read More

Choosing between a Vulnerability Scan and a Penetration Test

The terms "vulnerability scan" and "penetration test" are oftentimes mistakenly used interchangeably, even by people involved with IT...
Read More

The Ideal Penetration Test Report

A penetration test report is the final deliverable in a penetration test engagement. It is a detailed document that guides you through the findings, vulnerabilities detected, exploitation actions and provides mitigation recommendations....
Read More