Compliance Advisory

Security compliance is a legal concern for organizations in many industries today. Regulatory standards like PCI DSS, HIPAA, and ISO 27001 prescribe recommendations for protecting data and improving info security management in the enterprise.

ISO 27001

ISO 27001 is a structured set of guidelines and specifications that assists organizations in developing their own information security framework.
ISO 27001 suggests development and implementation of a structured Information Security Management System (ISMS), which governs the security implementation and monitoring in an enterprise. The standard is designed to serve as a single 'reference point for identifying the range of controls needed for most situations where information systems are used'. 

  • Gap Assessment
  • Implementation
  • Remediation Support
  • Report Preparation & Submission

Our Approach

We adopt a five-step methodology to manage the ISO 27001 implementation:

Step I: Understanding Business Functions

The purpose of this phase is to provide the initial planning and preparation for the assignment.

Step II: Data Acquisition

The purpose of this phase is to collect all relevant data pertaining to the scoped area. This is probably the most crucial phase, since it involves meeting the stakeholders and understanding their concerns.

Step III: Risk Assessment

Tensecure's risk assessment methodology is a multi-fold activity comprising the valuation of the identified critical information assets, threat assessment, a Vulnerability Assessment & Penetration Testing (VAPT) exercise, and gap analysis.

Step IV: Design & Build 


The purpose of this stage is to develop detailed and functional IT security policies and procedures for the client in line with ISO 27001.

Step V: Action Plan

The main purpose of this stage is to provide the client with a Security Improvement Program that supports continuous improvement as well as the attainment of ISO 27001 certification.

PCI-DSS 

PCI DSS version 3.2.1 comprises six control objectives, each containing one or more requirements; in all there are 12 specific requirements under these control objectives. The verification and reporting process varies with the level of the merchant or service provider. An organization is also expected to identify its category or type in order to determine which requirements apply to it.

  • Gap Assessment
  • Implementation
  • Remediation Support
  • Report Preparation & Submission

Our Approach

Tensecure helps organizations meet all the requirements with the help of its consulting methodology. We ensure that these requirements are met through the following six steps:

Step I: Build & Maintain A Secure Network

Installing, configuring, and providing guidance on maintaining firewalls, intrusion detection and prevention systems, anti-virus and anti-spyware solutions.

Step II: Protect Card Holder Data

Identifying the storage, transit channel, transit method, archival and retrieval of credit card data and securing the same. Identifying and implementing the appropriate controls at each data interface and data container.

Step III: Maintain A Vulnerability Management Program

Conducting regular vulnerability identification, assessment and reporting exercises, together with implementing the resulting fixes.

Step IV: Implement Strong Access Control Measures

Identifying all logical and physical access points and ensuring that access controls are present as required by the standard.

Step V: Regularly Monitor & Test Networks

Tracking and monitoring all access to network resources and cardholder data. Regularly testing security systems and processes.

Step VI: Maintain An Information Security Policy 


Draft and maintain a well-defined information security policy which addresses all the pre-requisites of the standard. 
