Information Security and GDPR

Information Security: From Cyber Essentials to ISO 27001 can help you secure your information and demonstrate this to your customers. You may only need a small tip, a gap analysis, a remediation job to repair a non-compliance, or one-off advice. Some companies need a helping hand, want to bounce an idea off someone, or want someone looking over their shoulder from time to time.

Some are best off implementing a minimum set of controls, e.g. as provided by the UK Cyber Essentials scheme. Most will need some additional protection, as given by controls from the NIST 20 Critical Security Controls, PCI-DSS, OWASP or some more general standard, such as ISAE3402. Some need to go all the way to the full-fledged development and operation of a state-of-the-art Information Security Management System compliant with ISO 27001.

Omniseq can deliver whatever you need using its Build-Operate-Transfer method.

Build - develop and document an ISMS/QMS

1. Determine objectives
2. Assess current status
3. Develop a realistic strategy for reaching objectives
4. Create and maintain an asset inventory
5. Risk assessment - risk treatment - control selection
6. Implement controls and track effectiveness
7. Build information security infrastructure: access, AV, spam filter, firewall, IDS, inventory, monitoring, logging, vulnerability scanning, patching as required
8. Create a document and record control system
9. Develop policies, procedures, forms, standards, templates, instructions as required

Operate - run the ISMS and create records

1. Control deployment: introduce administrative, technical and logical controls
2. Embed ISMS in organization: IT, Network, Physical Security, HR, Management Reporting, a.o.
3. Run information security operations: access control, AV, spam, firewall, IDS, inventory, monitoring, logging, vulnerability scanning, patching as required
4. Register and resolve reported Non-Conformities and Incidents
5. Plan and execute first Management Review Meeting (ISO27001)
6. Plan and execute Internal Audit (ISO27001)
7. Plan and execute Pen Test
8. Plan and execute External Audit (ISO27001)

Transfer - controlled hand-off

1. Recruitment of permanent staff: profiles, interviews, selection
2. Train successor & security operations staff (if applicable)
3. Hand over and supervise
4. Support successor & security operations staff