Compliance Assessment + Consulting

For the past 36 years, we have been providing consulting services to address information security and cybersecurity challenges for companies in a diverse range of industries across Latin America and the USA.

Compliance Assessment

Diagnosis

Any effort to improve how an organization manages information security and cybersecurity starts from one crucial element: establishing the current state of affairs and the level of risk the organization is currently accepting, whether consciously or not.

The first task is therefore to define the baseline, or audit criteria, against which the organization will be evaluated. Which reference framework applies depends on the organization's type or sector.

Some examples are:

NIST Cybersecurity Framework

PCI DSS (for companies that process, store, or transmit cardholder data)

ISO/IEC 27001 (together with ISO/IEC 27002 and the associated sector-specific standards)

COBIT 2019

CIS Critical Security Controls (the 18 controls)

Consulting

Action plan

Based on the findings of the diagnostic phase, the identified level of risk, and any constraints the organization faces, an action plan can be defined. The plan ranks the primary actions by their cost-benefit ratio, that is, by how much each contributes to the organization's information security and cybersecurity for the resources it requires.

The action plan includes setting deadlines, identifying involved actors (using a RACI chart), and accounting for other necessary resources.

For each scenario, the deliverables and expected results are set according to the predefined criteria: for example, reaching a specific maturity level or keeping residual risk within an acceptable level.

Implementation support

Finally, once the action plan has been approved, the identified controls must actually be implemented, whether administrative, technical, or physical in nature, and whether they act as deterrent, preventive, detective, or corrective measures.

Depending on the chosen framework, the implementation process may be highly structured and prescriptive, or it may leave the organization a certain degree of discretion in how each control is met.

Ultimately, this phase might conclude with an audit or certification process, verifying the achievement of the established objectives.