CommSec’s customers need to ensure that their IT security products, processes and practices are effective, documented and measurable. The methodology employed in conducting our Security Assessments is based on the ISO 27001:2013 Information Security Standard combined with industry best practices and standards published by organisations such as the SANS Institute, the US National Institute of Standards and Technology, the US CERT Coordination Centre and the Centre for Internet Security.
When we undertake a security audit for your business, we examine every aspect of your IT environment and how users and IT administrators work with the IT systems.
At the completion of the audit, we give a comprehensive written report which includes all our key findings and detailed prioritised remediation recommendations.
This can form the basis for strengthening a robust IT security strategy, in line with company risk management and security objectives. We recommend carrying out a security assessment at least annually.
DPO aaS
Achieving and maintaining compliance with industry-specific data security standards and general compliance standards like GDPR can place an additional burden on your business. However, remaining compliant with data protection laws and best practices is essential for any organisation.
CommSec offer a broad range of services which help you achieve security and data protection compliance.
We can work with you no matter where you are on the journey to achieving compliance.
Scenario 1
You may already have achieved some compliance or quality standards and you need to build on that to meet new obligations or meet more sophisticated threats to your business.
Scenario 2
On the other hand, you may have very little in-house knowledge around security and compliance. In that case we can provide you with a fully managed program of building the systems and processes in your business to become compliant with GDPR and other regulations that may affect you, such as PCI DSS.
To become compliant, we need to look at your entire business and how it manages data. IT security is only one part of this process. We look at all the information assets in your business and at what security technology and data protection processes, if any, you have in place, then perform a standards-based risk evaluation and gap analysis.
The outcome of this risk assessment is that we get a clear picture of where your major risk areas and vulnerabilities are.
Then we can design a solution around business processes and technology, to achieve compliance with security standards and GDPR.
- Data Protection Officer (DPO) as a Service
Our DPO-as-a-Service offering is proving popular with customers who require a Data Protection Officer and where this is not a full-time role. Clients benefit from experienced, objective professionals who are skilled at board-level communication and have a track record of implementing effective Data Protection processes and practices, as well as associated documentation and audits.
Finally, we offer the services of our Data Protection Consultants to provide support to the newly appointed or under-resourced Data Protection Officer in many organisations.
GDPR
CommSec offer a broad range of services in relation to Data Protection. Many of our customers start with a comprehensive Data Protection Impact Assessment, conducted by one of our highly experienced Data Protection Consultants. The written report that follows provides a framework for continuously improving your Data Protection posture, including compliance with the General Data Protection Regulation (GDPR).
We also offer GDPR Training, including classroom and software options. Our classroom training empowers management and assigned Data Champions to communicate effectively and accurately with their teams. Software training solutions ensure that awareness is measured, employees working shifts or remotely are included, improvement metrics are reported on and new hires are not missed.
CISO aaS
Achieving and maintaining compliance with industry-specific data security standards and general compliance standards like GDPR can place an additional burden on your business. However, remaining compliant with data protection laws and best practices is essential for any organisation.
CommSec offer a broad range of services which help you achieve security and data protection compliance. We can work with you no matter where you are on the journey to achieving compliance.
Scenario 1
You may already have achieved some compliance or quality standards and you need to build on that to meet new obligations or meet more sophisticated threats to your business.
Scenario 2
On the other hand, you may have very little in-house knowledge around security and compliance. In that case we can provide you with a fully managed program of building the systems and processes in your business to become compliant with GDPR and other regulations that may affect you, such as PCI DSS.
To become compliant, we need to look at your entire business and how it manages data. IT security is only one part of this process. We look at all the information assets in your business and at what security technology and data protection processes, if any, you have in place, then perform a standards-based risk evaluation and gap analysis.
The outcome of this risk assessment is that we get a clear picture of where your major risk areas and vulnerabilities are.
Then we can design a solution around business processes and technology, to achieve compliance with security standards and GDPR.
- Chief Information Security Officer (CISO) as a Service
This is a great option for when there isn’t a full-time requirement for a CISO. Our CISO as a Service gives you access to a very experienced CISO on a long-term continuous basis, but at a level of engagement you can afford. The flexibility of the service means you can pay for what you need to meet your requirements at different times.