For over 10 years we have been helping companies reach their IT Infrastructure goals. Expertect is a values-driven company dedicated to becoming the most preferred IT Governance & Architectural services consultancy in Africa.

Contacts

889 Kloofhout Turn Street,
Weltevredenpark, Roodepoort,
South Africa 1709

info@expertect.co.za

+27 (0)67 890 5105

// IT Governance

Achieve IT audit compliance by
Assessing, Aligning & Implementing

Our IT Governance practice offerings are designed to increase the maturity of IT departments. Organisations of all sizes can use our services to align their IT processes, people, and technology with the organisation's larger business objectives. This saves time and money. All of our strategies are built on King IV's IT Governance framework, ITIL, COBIT 2019, and ISO 27001, which gives you audit-compliant security.

BENEFITS

Make IT a machine that can be:

  • Ethical
  • Logical
  • Standardized
  • Internationally measured
  • Audit-compliant

// IT GOVERNANCE

Our IT Governance Services

ISO 27001 Assessments & Implementations.

By aligning your information security management approach with international best-practice standards, we will help you put out fewer fires.

Our goal is to assist clients in navigating the Information Security Risk Landscape by covering all essential bases of their information security management system. Our processes are fully aligned with ISO 27001, an internationally recognized standard that governs policies, procedures, and guidelines for protecting information assets within the organization.

Benefits:

  • Prioritize security areas according to business risks.
  • Reduce costs by reducing the likelihood of and damage from incidents.
  • Present the facts when it comes to the confidentiality, integrity, and availability of information assets.
  • Customers and stakeholders can have confidence in the way you manage risk.
  • Protect your company, assets, shareholders, and directors.

King IV™, COBIT® 2019, ISO 38500 & ITIL®

Be able to demonstrate the business-enabling potential of your organization's Information & Technology systems and increase trust.

Our goal is to help organisations realize the benefits of their Information & Technology investments. We will align your IT department with the overall strategic business goals. Organisations can achieve new competitive advantages and be more successful in managing digital transformation within and around their organisation. Our team of experts has helped organisations achieve consistent, predictable, and measurable IT performance results by aligning IT operations with internationally accepted best practice, such as COBIT® 2019 and King IV™.

Benefits:

  • Manage IT projects, investments and suppliers responsibly.
  • Reduce complexity of policy and process.
  • Cost-effectiveness increases.
  • Information security arrangements and their outcomes can increase user satisfaction.
  • Integration of information security should be improved.
  • Risk awareness and informed risk decisions.
  • Information security incidents can be reduced.
  • Ensure that there is more support for innovation and competition.

Every cyber security journey should begin with a risk assessment. Regardless of how you decide to protect your organization against data loss, cyber theft, or fraud, you need to first determine what you should be protecting.

An Expertect Advisor organizes on-site meetings with different stakeholders of the organisation. This includes a representative from Management who is familiar with the company's policies. Each section of the ISO 27001 standard is covered in detail. The stakeholders are then asked questions and receive feedback. We also evaluate the organisation's policies against the ISO 27001 standard's controls during these meetings. These ratings are based upon the organisation's knowledge, practices, and alignment of controls with existing company policies.

Expertect can help you understand and address the organizational consequences of data protection regulations such as the Protection of Personal Information Act (POPI), the EU's General Data Protection Regulation (GDPR), and the UK Data Protection Act.

The scope of Personal Information Management Services is designed to identify organizations' compliance and readiness gaps against the Protection of Personal Information Act 4 of 2013 (POPI), the General Data Protection Regulation (GDPR), and the Data Protection Act, to help them address these risks effectively and efficiently. Our team includes experts who can help clients and customers prove their data protection compliance to regulators, auditors, and clients.

Who do the data regulations affect?

  • The Protection of Personal Information Act: Organizations that decide how and why personal information is processed (i.e. the Responsible Party).
  • The General Data Protection Regulation (EU): Organizations that control and process data.
  • Data Protection Act (UK): Everybody responsible for the use of personal data of UK residents.

Not legal counsel. We are not lawyers. Contact your legal advisor for more information about each law.

We can help you to identify and implement security hardening procedures that will secure card payments and reduce fraud.

Expertect will help protect customer payment information from fraud by aligning your organization's data processing methods with the Payment Card Industry Data Security Standard (PCI DSS). Our Payment Card Information Security Management services cover the entire Information Management Process, from initial assessment through remediation and response to incidents. Although we don't do PCI audits, we can help you prepare all the documentation and proofs that would be required for an audit by a Qualified Security Assessor (QSA).

To what type of organization does PCI DSS apply?

  • Organisations that are involved in payment card processing or have access to it, such as merchants, processors, acquirers, issuers and service providers (including shared-hosting providers).
  • Organisations that store and process cardholder data (CHD) and/or sensitive authentication data (SAD).

What legal risks are there if you're not PCI DSS-compliant?

  • You may incur fines for payment card data loss.
  • You may bear financial responsibility for fraud using stolen payment data.
  • You risk losing customers' trust and your future business.
  • You will pay more in compliance costs.
  • You will lose the ability to accept payment cards.
