GRC: Central to your Organisation’s Security and Success

Your organisation’s Governance, Risk, and Compliance (GRC) programme is essential to its security and success. A strong GRC programme will help you identify and mitigate risks, comply with regulations, and protect your data.

CommSec will help you develop and implement a GRC programme that meets your specific needs. We offer a wide range of GRC services, including risk assessment, compliance auditing, and training.

We also work with you to develop a risk management framework that will help you continuously improve your security posture.

What is GRC?

Governance, Risk & Compliance all require ongoing attention. Legal requirements, business continuity, decisions on optimising capital and operational expenditure, internal and external audits are all drivers of GRC. CommSec’s deep understanding of Regulations and Standards and our approach to ensuring the necessary processes, documentation and reviews are in place positions us as your partner of choice to achieve your GRC goals.

Contact us today to learn more about how we can help you keep your organisation secure with our GRC solutions.

ISO 27001

Working with certified ISO 27001 Auditors, you can be assured that you are continuously supported on achieving your goal of ISO 27001 certification.

Our phased approach includes Gap Analysis, Risk Assessment (including Risk Assessment Reports and Risk Treatment Plans), Alignment of Information Security Management System (ISMS) with ISO 27001 requirements, Implementation and pre-certification Audit. Documentation addresses the Statement of Applicability, Organisation Overview, Information Security Policy, Business Continuity Management, Internal Audit Reports, Document Control Procedure, Corrective and Preventive Action Procedures and Internal Audit Procedure. Our ISO 27001 clients have enjoyed a 100% success record in achieving certification by engaging with CommSec.

DORA – Digital Operational Resilience Act

In today’s digitalised financial landscape, ensuring digital operational resilience is no longer a choice but a legal requirement. Complying with the Digital Operational Resilience Act (DORA) is a step forward in securing your financial institution against ICT-related risks.

The Digital Operational Resilience Act (DORA) is a new EU regulation that aims to strengthen the digital operational resilience of financial entities. It applies to a wide range of financial entities regulated by the Central Bank of Ireland, and introduces targeted rules on ICT risk management, incident management, testing, and third-party risk. DORA builds on existing Central Bank guidance on outsourcing, operational resilience, and IT and cybersecurity risks.

DORA is a significant piece of legislation that will have a major impact on the way financial entities manage their digital risks. Financial entities should start preparing for DORA now by reviewing their existing ICT risk management frameworks and processes. Source: Central Bank of Ireland

NIS2

CommSec help our customers align with the NIS2 standard by providing the following services:

  • Risk assessment and analysis: We will assess your cybersecurity risks and identify the areas where you need to improve.
  • Security implementation: We will help you implement the security controls needed to mitigate those risks.
  • Training and awareness: We will train your employees in cybersecurity best practices.
  • Incident response: We will help you respond to cybersecurity incidents in a timely and effective manner.
  • Compliance monitoring: We will monitor your compliance with the NIS2 standard so that it stays up to date.

We have a team of experienced cybersecurity professionals who are experts in the NIS2 standard. We are committed to helping our customers achieve and maintain compliance with the standard, so that they can protect their critical assets from cyber threats.

WHY TRUST COMMSEC?

With over a decade of experience in cybersecurity and compliance, we are proud to be certified to ISO27001 and Cyber Essentials, upholding the highest standards in information security and cyber protection. Our team bring to the table a holistic understanding of data protection, risk, and compliance. This comprehensive knowledge equips us to navigate the complexities of international standards and regulations, and tailor solutions that resonate with your specific needs. Every assessment we undertake is managed by our qualified professional CISOs and DPOs. Trust us to be your guide in the complex journey of cybersecurity compliance.

NCSC – Public Baseline Standards

CommSec help government, public bodies and their supply chain align with the NCSC public baseline cybersecurity standards by providing a comprehensive range of services, including:

  • Risk assessment and analysis: We will assess your cybersecurity risks and identify the areas where you need to improve, including your M365 security and mobile device security.
  • Security implementation: We will help you implement the security controls needed to mitigate those risks, such as putting security policies and procedures in place, deploying security software, and training employees in cybersecurity best practices.
  • M365 security assessment: We will assess your M365 environment to identify and fix security vulnerabilities.
  • Mobile Device Security Management: We will help you manage your mobile devices securely, including deploying mobile device management (MDM) software, configuring security policies, and training employees on how to use mobile devices safely.
  • Training and awareness: We will train your employees in cybersecurity best practices, such as how to identify and report phishing emails, how to create strong passwords, and how to use security software effectively.
  • Incident response: We will help you respond to cybersecurity incidents in a timely and effective manner.
  • Compliance monitoring: We will monitor your compliance with the NCSC public baseline cybersecurity standards so that it stays up to date.

We have a team of experienced cybersecurity professionals who are experts in the NCSC public baseline cybersecurity standards. We are committed to helping our customers achieve and maintain compliance with the standards, so that they can protect their critical assets from cyber threats.

GDPR/Data Protection

CommSec offer a broad range of services in relation to Data Protection. Many of our customers start with a comprehensive Data Protection Impact Assessment, conducted by one of our highly experienced Data Protection Consultants. The written report that follows provides a framework for continuously improving your Data Protection posture, including compliance with the General Data Protection Regulation (GDPR).

We also offer Training, including classroom and software options. Our classroom training empowers management and assigned Data Champions to communicate effectively and accurately with their teams. Software training solutions ensure that awareness is measured, employees working shifts or remotely are included, improvement metrics are reported and new hires are not missed.

Our DPO-as-a-Service offering is proving popular with customers who require a Data Protection Officer and where this is not a full-time role. Clients benefit from experienced, objective professionals who are skilled at board-level communication and have a track record of implementing effective Data Protection processes and practices, as well as associated documentation and audits. Finally, we offer the services of our Data Protection Consultants to provide support to the newly-appointed or under-resourced Data Protection Officer in many organisations.

PCI DSS Compliance

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements for enhancing payment account data security. These standards were developed by the PCI Security Standards Council to facilitate industry-wide adoption of consistent data security measures on a global basis. It applies to all businesses (not just retailers) that take credit and debit cards, regardless of size or transaction volume. Any business involved in the storage, processing and/or transmission of payment card numbers must comply, whether the transaction is in-store or online, on a mobile device or via a desktop. Requirements for certification vary depending on the number of transactions an entity processes and the way they are processed.

How Can CommSec Help Ensure You Are PCI DSS Compliant?
Failure to meet PCI compliance standards can have a serious knock-on effect on your business, as the financial implications of a breach can destroy your brand and reputation very quickly. You can mitigate this risk by maintaining compliance and providing verification and certification as required by the industry.

CommSec can help you achieve and maintain PCI compliance through our analysis of your transaction processing environment. We scan your network and web applications for potential vulnerabilities. The scan identifies threats or weaknesses that could allow an attacker to gain access to your network and potentially compromise cardholder data.
