Implementation of Standards and Regulations

April 27, 2017 isec

Service overview

Whether you are looking for a “classic” implementation, such as ISO 27001 when you want to obtain certification for your security management system, or you are trying to respond to specific regulations, such as GDPR (General Data Protection Regulation), you may need proper planning and project phasing for the implementation.

Our consultants have gathered experience across multiple implementations in different industries, such as telecom, retail, banking and assurance, services, public and others. We are meticulous about achieving compliance with the mandatory requirements of each standard, and we are able to adapt the recommended requirements to the specifics of each organization.

Implementations may address the entire organization or an area of activity. Also, implementations may target further accreditation, legislative compliance or internal compliance.

Here are some of the implementations we can help you with:

  • ISO 2700x – information security standards
  • ISO 31000 – risk management standard
  • ISO 22301 – business continuity standard
  • COBIT (ISACA)
  • PCI DSS
  • Other industry-specific standards and regulations, such as VDA 6.3 (German Automotive Standard), GDPR (General Data Protection Regulation), etc.

Methodology

If your organization is new to management systems or information security management systems, consider using our professional expertise as the optimal guidance during your implementation.

Implementations are conducted using a pre-established project plan with stages, resources and deliverables. Each implementation starts with a common gap analysis to identify the applicable requirements and the missing points. The results are translated into a detailed implementation plan with tasks and milestones.

Deliverables

Any implementation process has a complex set of deliverables, directly dependent on the structure and requirements of the named standard, best practice or regulation.

A standard set of documentation may contain policies, procedures, workflows or work instructions, specific forms, action plans, inventories, risk registers, etc.

Your documentation shall be entirely personalized and designed for you, considering the context, needs and expected outcomes for the implementation.