
Standards
Before starting its certification journey, an organization has to analyze, at a minimum, which requirements apply to its own business and how much time and how many resources it will need to invest. Sometimes the standard against which the company will have to be certified is imposed by the regulation of its sector (e.g. eIDAS, HDS, RGS), and sometimes it is a choice to be made against numerous internal and external criteria.

Find the appropriate security and compliance standard and obtain your certification

ISO 27001
Information security management
ISO 27001 certification is the gold standard for information security management. Its implementation can be tailored to each organization so that it addresses that organization's own risks. ISO 27001 is the only international standard recognized for governing an organization’s information security management system (ISMS).
FZCS helps companies create and run an effective ISMS through suitable policies, procedures and associated controls that support the organization’s information risk management processes, and assists companies in their ISO 27001 implementation or certification project.
Certifying your ISMS demonstrates to your business partners that you have a mature, risk-based information security program in place. Undergoing an ISO 27001 certification is also a way to secure your information system actively and proactively and to prove your compliance efforts, which could be just what you need to stay ahead in your industry.

Combine ISO 27001 and SOC 2 easily
This article explains the differences between these two frameworks.
You will also find in it a free downloadable mapping of the two standards.


SOC 2
Service Organization Control
A SOC 2 report covers organizational controls related to security, availability, processing integrity, confidentiality, or privacy. It is designed to provide detailed information and assurance to interested parties about the suitability and effectiveness of the service organization’s controls, assessed against the AICPA’s (American Institute of Certified Public Accountants) Trust Services Criteria (TSC).
FZ Consulting helps businesses get ready for a SOC 2 audit by:
- Reviewing the audit scope
- Developing a project plan
- Designing the policies, procedures, and process controls
- Documenting the results
- Delivering and communicating the SOC 2 final report


e-IDAS
Electronic identification and trust services for electronic transactions
The eIDAS Regulation established the European framework for secure electronic interactions and for raising the level of security of electronic transactions. The name stands for electronic IDentification, Authentication and trust Services.
FZ Consulting helps organizations manage projects related to electronic identification and trust services (e-signature, e-seal, preservation, electronic certificates).
FZ Consulting also assists trust service providers with writing policies and procedures (certification and/or timestamping practice statements and policies (CP/CPS), signature policies) to comply with ETSI standards and/or the eIDAS Regulation, in order to certify or qualify their services.

GDPR
General Data Protection Regulation
Under the European regulation, a business is responsible for complying with all European data protection principles and is also responsible for demonstrating that compliance.
The GDPR applies to any company that processes personal data as part of the activities of one of its branches established in the EU, regardless of where the data is processed, and to any company established outside the EU that processes data of individuals in the EU.
The GDPR provides businesses with a mandatory set of tools to put in place in order to demonstrate accountability.
FZCS helps companies:
- implement appropriate measures to comply with the data protection principles
- operate the DPO office, or support the DPO through external services
- develop processes and implement the required operations
- plan, coordinate and deliver training and awareness actions that influence stakeholders’ culture and behavior
- plan for audit and certification, and provide assistance during Data Protection Authority controls

PCI DSS
Payment Card Industry Data Security Standard
PCI DSS is a complex standard that applies to all organizations that store, process, or transmit payment card data, as well as to organizations that may affect the security of a credit card processing environment.
The most important part of PCI DSS compliance is creating and maintaining documentation that demonstrates the organization meets the standard’s requirements. This includes, in particular, formal security policies, processes, and procedures.
FZ Consulting provides guidelines and supports organizations in documenting policies and developing procedures that comply with the applicable PCI requirements.