What is GRC?

Governance, Risk & Compliance all require ongoing attention. Legal requirements, business continuity, decisions on optimising capital and operational expenditure, internal and external audits are all drivers of GRC. CommSec’s deep understanding of Regulations and Standards and our approach to ensuring the necessary processes, documentation and reviews are in place positions us as your partner of choice to achieve your GRC goals.


GDPR/Data Protection

CommSec offer a broad range of services in relation to Data Protection. Many of our customers start with a comprehensive Data Protection Impact Assessment, conducted by one of our highly experienced Data Protection Consultants. The written report that follows provides a framework for continuously improving your Data Protection posture, including compliance with the General Data Protection Regulation (GDPR).

We also offer Training, including classroom and software options. Our classroom training empowers management and assigned Data Champions to communicate effectively and accurately with their teams. Software training solutions ensure that awareness is measured, employees working shifts or remotely are included, improvement metrics are reported and new hires are not missed.

Our DPO-as-a-Service offering is proving popular with customers who require a Data Protection Officer and where this is not a full-time role. Clients benefit from experienced, objective professionals who are skilled at board-level communication and have a track record of implementing effective Data Protection processes and practices, as well as associated documentation and audits. Finally, we offer the services of our Data Protection Consultants to provide support to the newly-appointed or under-resourced Data Protection Officer in many organisations.


ISO 27001

Working with certified ISO 27001 Auditors, you can be assured that you are continuously supported in achieving your goal of ISO 27001 certification.

Our phased approach includes Gap Analysis, Risk Assessment (including Risk Assessment Reports and Risk Treatment Plans), Alignment of Information Security Management System (ISMS) with ISO 27001 requirements, Implementation and pre-certification Audit. Documentation addresses the Statement of Applicability, Organisation Overview, Information Security Policy, Business Continuity Management, Internal Audit Reports, Document Control Procedure, Corrective and Preventive Action Procedures and Internal Audit Procedure. Our ISO 27001 clients have enjoyed a 100% success record in achieving certification by engaging with CommSec.

Security Services for Retail – PCI DSS Compliance

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements for enhancing payment account data security. These standards were developed by the PCI Security Standards Council to facilitate industry-wide adoption of consistent data security measures on a global basis. It applies to all businesses (not just retailers) that take credit and debit cards, regardless of size or transaction volume. Any business involved in the storage, processing and/or transmission of payment card numbers must comply. It doesn’t matter whether it’s an in-store transaction or online, on a mobile device or via a desktop. Requirements for certification vary depending on the number of transactions an entity processes and the way they are processed.

How Can CommSec Help Ensure You Are PCI DSS Compliant?
Failure to meet PCI compliance standards can have a terrible knock-on effect on your business, as the financial implications of a breach can destroy your brand and reputation very quickly. You can mitigate this risk by maintaining compliance and providing verification and certification as required by the industry.

CommSec can help you achieve and maintain PCI compliance through our analysis of your transactional processing environment. We scan your network and web applications to look for potential vulnerabilities. The scan will identify any potential threats or weaknesses that may allow an attacker to gain access to your network and potentially compromise cardholder data.

Our PCI compliance monitoring service enables you to:

  • Protect your customers’ personal data.
  • Protect your business from financial losses.
  • Protect your company’s brand and reputation.

If we identify any threats or potential vulnerabilities in your environment, we report these to you in plain English and recommend how to fix these issues straight away. Some customers hire us to independently assess their PCI DSS compliance and make recommendations to their existing IT provider or IT team. If you want us to implement the recommendations of our security assessment, then we’re happy to deliver the entire PCI DSS compliance project; it’s up to you!

For more information on how CommSec can assist you with your PCI DSS compliance, contact us now!

Business Continuity

Every business needs to have a business continuity plan to cover them in the event of a major systems failure or security breach.

Whatever your business sector and whatever your scale, having a business continuity plan that is realistic and tested regularly is vital for risk avoidance and, in many cases, for meeting industry compliance standards.

CommSec work with your IT team or general managed services provider to ensure that security is a central part of your business continuity plan.

Many “IT disaster” scenarios are in fact caused by a major security breach which results in systems going offline. Our security information and event management (SIEM) service and our 24x7 security operations centre (SOC) monitoring service are designed to reduce the risk of there ever being a serious security breach and, in the event of one happening, to isolate the incident and take steps to recover from it very quickly.