Services
- Expertise in providing cyber security and audit services to global financial institutions and central banks
- Identify any gaps within the SWIFT CSCF requirements and propose a timely remediation for the independent assessment results to be compliant
- Review companies' documented policies, processes, business practices, and technical controls
- Conduct stakeholder meetings with security and technology run teams
- Provide final documentation
SWIFT CSP
- Building and assessing effective and efficient enterprise-wide control mechanisms to ensure corporate compliance with COSO 2017 ERM framework
- Establishing corporate focus on business risk identification, definition of key control initiatives, enterprise systems review, business data security, process control measures and policy administration
- Translation of integrated risk ranking into annual S-OX scoping for focus testing
- Set-up and compilation of regular S-OX Certification Committee reporting & Management Letters of Representation
Sarbanes Oxley (S-OX)
- Designing and implementing internal controls for SOC 1 reporting.
- Testing effectiveness of controls
- Facilitating Management with attestation of compliance.
- Assessing Trust Service Principles (Security, Confidentiality, Processing Integrity, Availability & Privacy) to support SOC 2 certification.
ISAE 3402
Information Technology Risk
- Assessment of the information risks to people, processes, technology, and determining the likelihood and impact of the risk events, tolerance, and the threat environment
- Audit the implementation, adequacy, and effectiveness of the security controls, existing safeguards and vulnerabilities
- Advisory to management on risk management matters, and as an independent reviewer to provide assurance on management’s capability and performance in risk management.
Data Privacy & Protection
- Establishing and implementing security-related policies
- Overseeing regulatory compliance and ensuring data privacy
- Establishing and overseeing the organization's security architecture
- Supervising identity and access management
- Establishing business continuity and disaster recovery
- Conducting electronic discovery and digital forensic investigations
Cybersecurity & Defense
- Creating organizational Cybersecurity awareness
- Improving mechanisms for Authentication and Authorization
- Strengthening End-Point protection (desktops, laptops, mobile devices, PDAs)
- Conducting Penetration Tests
- Improving Patch Management, Log Monitoring and Security Incident Response processes