Information system certification

An information security management system (ISMS) is a systematic approach to handling sensitive company information in order to ensure its security.

Across business sectors, various IT certification schemes can serve as the basis for designing a security framework that can be applied to a company's information system.

FZ Consulting provides a clear and logical approach that helps companies define and implement IT certification or qualification schemes adapted to their business objectives and system requirements in order to reach their principal goal: creating trust.

Preparing for an IS certification audit can be a great opportunity to improve the quality of processes and raise employees' security awareness. Our mission is to guide our customers regardless of the selected certification scheme (ISO 27001, eIDAS, GDPR, HDS, AML, PCI DSS, SOC 2).

Our missions:

  • Requirements definition: analysis of needs and context (scoping phase), assessment of the specific risks (with an ISO 27005 compliant method), costs and deadlines, strategic recommendations, creation of the controls framework

  • ISMS assessment: study of documentation, interviews, measurement of compliance gaps with respect to the certification reference system 

  • Action plan: action plan adapted to your organization & personalized support (security and privacy policies, drafting of procedures, etc.), preparation for the documentation and on-site audit, audit firm selection

FZCS Resources

ISO 27001

Specification for ISMS to demonstrate & evaluate the fairness and suitability of ISMS, controls, and practices

SOC 2

Report on the design of controls and/or testing and operating effectiveness of those controls for a service organization

eIDAS

Regulation dedicated to electronic identification and trust services

 

GDPR

European and other data protection frameworks or requirements

PCI DSS

Payment Card Industry Data Security Standard established as a standard security requirement for entities that store, process, or transmit cardholder data