Case Study: Audit And Compliance

Audit & Compliance

PCI DSS Assessment

Every organization that stores, processes or transmits cardholder data must comply with PCI DSS. The standard can be difficult and complex to manage. At GRC 360, we understand PCI compliance and how it helps protect cardholder data in a business. Our approach to compliance covers the planning, configuration and ongoing management of the program. Our consultants have extensive experience in all areas of PCI DSS compliance, gained through working with medium and large enterprises nationally and internationally. They are trained by the PCI Security Standards Council itself (the body that publishes and maintains the PCI DSS standard) and have proven experience advising and consulting large financial institutions, especially banks. We are…
The best way to carry out this systematic approach is to adopt recognized international best practice. ISO 27001 is the most widely recognized international standard that specifies the requirements for an Information Security Management System (ISMS). It requires the selection of security controls that are proportionate and adequate to the current and potential organizational…
1. Identification of the business processes vital to your organization
2. Gap analysis of your existing system against the ISO 27001 requirements
3. Risk assessment of critical information assets and selection of appropriate mitigation controls
4. Formulation of information security policies and the procedures that support them
5. Implementation of the selected mitigation controls
6. Preparation of the client's audit team to conduct internal audits that review the client's readiness for ISO 27001 certification
7. Final assessment of the ISMS to help the client achieve ISO 27001 certification

ISO 22301

ISO 22301 is the best-practice management system standard for Business Continuity Management and is designed for organizations of all types and sizes. It specifies the requirements for a management system that protects against disruptive incidents, reduces the likelihood of their occurrence, and prepares the business to respond to and recover from them. The ability to continue operating during a disaster or disruption is vital to the organization as well as to its customers and other stakeholders. Organizations that achieve ISO 22301 certification can assure their customers, regulators and other stakeholders that they have adopted standard procedures for managing business continuity.
