Under IT management, your firm will need consultancy on ISO 27001, PCI DSS (Payment Card Industry Data Security Standard) and Security & Privacy Framework.
ISO 27001 Compliance and Information Security Management Consultancy
ISO 27001 is a quality management system. It follows a common approach with other quality and management systems. This system aims to sustain information security risk management for the firm. While implementing the ISO 27001 standard and going through the certification process, the firm’s information security maturity and awareness will increase among all the firm’s entities. In Turkey, local regulations require ISO 27001 for customs transactions.
In this context, you can receive support in the following areas:
o ISO 27001 Training
o Attacks and Pentests
o Social Engineering Tests
o Awareness Analysis
o Building the Information Asset Inventory
o Risk Analysis
o Risk Remediation Plan and Implementation Roadmap Design
o Preparing Information Security Policies and Processes
o Internal Audit for ISO 27001
o Planning and Performing Corrective and Preventive Actions
PCI DSS Compliance and Information Security Management Consultancy
The PCI DSS is a set of comprehensive requirements for enhancing payment account data security. It was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International, to help facilitate the broad adoption of consistent data security measures on a global basis. It applies to any merchant, acquirer and issuer bank, and service provider that processes, stores or transmits credit or debit card data, and to any party connected to them.
o Do you process credit card transactions?
o Do you store credit card information? (on paper or electronically)
o Do you take online credit card payments?
o Do you handle credit card information on paper, online, over the phone or via mail?
If any of your answers is yes, you must comply with PCI DSS.
PCI DSS consulting services:
· Scope Identification
· Risk Analysis
· Gap Analysis on current controls
· Remediation Plans
· Designing PCI Controls
· Evaluation of designed controls and checking implementability