Information system certification
An information security management system (ISMS) is a systematic approach to handling sensitive company information to ensure its security.
Across business sectors, various IT certification schemes can serve as the basis for designing a security framework that can be applied to a company's information system.
FZ Consulting provides a clear and logical approach that helps companies define and implement IT certification or qualification schemes adapted to their business objectives and system requirements in order to reach their principal goal: creating trust.
Preparing for an IS certification audit can be a great opportunity to improve the quality of processes and raise employees' security awareness. Our mission is to guide our customers regardless of the selected certification scheme (ISO 27001, eIDAS, GDPR, HDS, AML, PCI DSS, SOC 2).
Our missions:
Requirements definition: analysis of needs and context (scoping phase), assessment of the specific risks (with an ISO 27005 compliant method), costs and deadlines, strategic recommendations, creation of the controls framework
ISMS assessment: study of documentation, interviews, measurement of compliance gaps with respect to the certification reference system
Action plan: action plan adapted to your organization & personalized support (security and privacy policies, drafting of procedures, etc.), preparation for the documentation and on-site audit, audit firm selection