Controls Implementation – isec

Service Overview

Achieving compliance with applicable regulations and even compliance with your choice of standards and best practices is never an easy task.

When internal resources are not skilled enough or are simply too busy with their core activities, organizations may choose to outsource the implementation and maintenance of security controls.

Whether you are looking for a “classic” controls implementation, such as the ones based on ISO 27001, or you are trying to respond to specific regulations, such as GDPR, you may be in need of proper planning and project coordination.

Implementation of security controls may address the entire organization or only a specific area of activity. Also, implementation of security controls may target further accreditation, legislative conformity or internal compliance.

Our specialists are ready to use their expertise and provide professional support in controls implementation and maintenance based on the following:

  • Internal information security best practices and standards (such as good practices for developers, hardening, awareness and training and so on);
  • Banking regulations issued by national control authorities;
  • Digital platform regulations for alternative transport providers issued by national control authorities;
  • Standards such as ISO 27001, ISO 27002, ISO 27005, ISO 22301, ISO 27552, ISO 31000 and more;
  • Other specific regulations such as GDPR, eIDAS, PSD2, NIS (and the local equivalent laws) and more.

isec’s professional support consists of:

  • Setting and/or reviewing the objectives for the implementation and/or maintenance phase to reflect the business and regulatory needs of the organization;
  • Defining the scope of the information security system;
  • Evaluating the existing assets (such as network infrastructure, hardware, software, services, personal data handled) and analyzing the associated risks;
  • Designing or improving the Information Security Management System (including policies, processes, procedures, controls, roles, training program, technical and know-how resources);
  • Providing training and awareness to enhance personnel’s competencies;
  • Testing the effectiveness of the implemented system;
  • Conducting periodic internal audits and promptly intervening with corrective measures when needed, as part of the system maintenance, monitoring and continuous improvement phase.

Any implementation process has a complex set of deliverables, directly dependent on the structure and the requirements associated with the chosen standard, best practice or regulation.

A standard set of documentation may contain policies, procedures, workflows or instructions, specific forms, action plans, inventories, risk registers and more.

isec’s professional support services can provide the optimal guidance during an implementation process, as well as post-implementation.

You will get documentation that is entirely customized and designed for your company, considering your business context, needs and expected outcomes of the implementation.