Standards

Before starting its certification journey, an organization has to analyze, at a minimum, which requirements apply to its own business and how much time and resources it needs to invest. Sometimes the standard against which the company will have to be certified is imposed by the regulation of its sector (e.g. eIDAS, HDS, RGS), and sometimes it will be a choice made in light of numerous internal and external criteria.


Find the appropriate security and compliance standard and obtain your certification


ISO 27001

Information security management


ISO 27001 certification is the gold standard for information security management. Its implementation can be customized to each organization so that it treats its own risks. ISO 27001 is the only international standard recognized for governing an organization’s information security management system (ISMS).

FZCS helps companies create and run an effective ISMS through suitable policies, procedures and associated controls that support the organization’s information risk management processes, and assists companies in their ISO 27001 implementation or certification project.

Certifying your ISMS demonstrates to your business partners that you have a mature, risk-based information security program in place. Undergoing an ISO 27001 certification is also a way to secure your IS actively and proactively and to prove your compliance efforts, which could be just what you need to stay ahead in your industry.

Combine ISO 27001 and SOC 2 easily

This article explains the differences between these two frameworks.

You will also find in it a free downloadable mapping of the two standards.


SOC 2

Service Organization Control


The SOC 2 standard reports on organizational controls related to security, availability, processing integrity, confidentiality, or privacy. The SOC 2 report is designed to provide detailed information and assurance to interested parties about the suitability and effectiveness of the service organization’s controls, based on their compliance with the AICPA (American Institute of Certified Public Accountants) Trust Services Criteria (TSC).

FZ Consulting helps businesses get ready for a SOC 2 audit by:

  • Reviewing the audit scope

  • Developing a project plan

  • Designing the policies, procedures, and process controls

  • Documenting the results

  • Delivering and communicating the SOC 2 final report


eIDAS

Electronic identification and trust services for electronic transactions


The eIDAS Regulation established the European framework that secures electronic interactions and raises the level of security of electronic transactions. The name stands for electronic identification, authentication, and trust services.

FZ Consulting helps organizations manage projects related to electronic identification and trust services (e-signature, e-seal, preservation, electronic certificates).


FZ Consulting also assists trust service providers with writing their policies and procedures (certification and/or timestamping practice statements and policies (CP/CPS), signature policies) to comply with ETSI standards and/or the eIDAS Regulation in order to have their services certified or qualified.


GDPR

General Data Protection Regulation


According to the European regulation, a business is responsible for complying with all European data protection principles and is also responsible for demonstrating that compliance.


The GDPR applies to any company that processes personal data as part of the activities of one of its branches established in the EU, regardless of where the data is processed, and to any company established outside the EU that processes data of individuals in the EU.


The GDPR provides businesses with a mandatory set of tools to put in place in order to demonstrate accountability.

FZCS helps companies:

  • to implement appropriate measures to comply with the data protection principles

  • to operate the DPO office or support the DPO through external services

  • to develop processes and implement required operations

  • to plan, coordinate and deliver training and awareness actions to influence stakeholders’ culture and behavior

  • to plan for audit and certification and provide assistance with Data Protection Authority controls


PCI DSS

Payment Card Industry Data Security Standard


PCI DSS is a complex standard that applies to all organizations that store, process, or transmit payment card data, as well as to organizations that may impact the security of a credit card processing environment.

The most important part of PCI DSS compliance is creating and maintaining documentation that demonstrates the organization meets the standard’s requirements. This especially includes formal security policies, processes, and procedures.

FZ Consulting provides guidelines and supports organizations in documenting policies and developing procedures that comply with the applicable PCI DSS requirements.