ISO 17799 Compliance

Is your company subject to ISO 17799 compliance requirements?
Are you under a deadline to meet those requirements?
Are you uncertain how to start this complex and confusing project? No problem.

OUR TEAM OF EXPERTS CAN HELP YOU TO ACHIEVE COMPLIANCE.

We assist clients in meeting many regulatory compliance standards, including but not limited to SOX, PCI DSS, PCI PA-DSS, PCI PIN Transaction Security, HIPAA, FISMA (NIST), GLBA, SAS 70, FDA, and the ISO 17799 security standard, and we recommend guidelines to meet client-specific security requirements in a timely manner.

Our security professionals and IT auditors can help your organization plan, develop, deploy, and integrate the necessary security protocols, controls, and checkpoints, together with the key business processes, procedures, and best practices required to reduce, control, transfer, or eliminate potential security threats and vulnerabilities and keep your business operations in compliance.

We can be the Internal Auditor or Third-Party Auditor that validates your specific security requirements. Our certified, qualified, and experienced IT Auditors can assess your organization to evaluate its security posture and provide an unbiased Attestation and Certification letter, along with an IT Audit Summary Report, to comply with specific regulatory standards.

As our IT Auditors are certified, accredited, and recognized by ISACA, an audit governing body, our audit reports are recognized and accepted by most governmental and international agencies.


What is ISO 17799 Compliance?

ISO 17799 is an information security code of practice. It includes a number of sections, covering a wide range of security issues. Very broadly, the code’s sections are as follows:

1. Risk Assessment and Treatment
This addition to the latest version of the code deals with the fundamentals of security risk analysis.

2. System Policy
Objective: Provide management direction and support for information security.

3. Organizing Information Security
Objectives:

a) Manage information security within the organization.

b) Maintain the security of information and processing facilities with respect to external parties.

4. Asset Management
Objectives:

a) Achieve and maintain appropriate protection of organizational assets.

b) Ensure that information receives an appropriate level of protection.

5. Human Resources Security
Objectives:

a) Ensure that employees, contractors, and third parties are suitable for the jobs they are considered for and understand their responsibilities; reduce the risk of abuse (theft, misuse, etc.).

b) Ensure that the above persons are aware of IS threats and their responsibilities, and able to support the organization's security policies.

c) Ensure that the above persons exit the organization in an orderly and controlled manner.

6. Physical and Environmental Security
Objectives:

a) Prevent unauthorized physical access, interference, and damage to the organization's information and premises.

b) Prevent loss, theft and damage of assets.

c) Prevent interruption to the organization's activities.

7. Communications and Operations Management
Objectives:

a) Ensure the secure operation of information processing facilities.

b) Maintain the appropriate level of information security and service delivery, aligned with third-party agreements.

c) Minimize the risk of systems failures.

d) Protect the integrity of information and software.

e) Maintain the availability and integrity of information and processing facilities.

f) Ensure the protection of information in networks and of the supporting infrastructure.

g) Prevent unauthorized disclosure, modification, removal, or destruction of assets.

h) Prevent unauthorized disruption of business activities.

i) Maintain the security of information and/or software exchanged internally and externally.

j) Ensure the security of e-commerce services.

k) Detect unauthorized information processing activities.

8. Access Control
Objectives:

a) Control access to information.

b) Ensure authorized user access.

c) Prevent unauthorized access to information systems.

d) Prevent unauthorized user access and compromise of information and processing facilities.

e) Prevent unauthorized access to networked services.

f) Prevent unauthorized access to operating systems.

g) Prevent unauthorized access to information within application systems.

h) Ensure information security with respect to mobile computing and teleworking facilities.

9. Information Systems Acquisition, Development, and Maintenance
Objectives:

a) Ensure that security is an integral part of information systems.

b) Prevent loss, errors, or unauthorized modification/use of information within applications.

c) Protect the confidentiality, integrity, or authenticity of information via cryptography.

d) Ensure the security of system files.

e) Maintain the security of application system information and software.

f) Reduce/manage risks resulting from exploitation of published vulnerabilities.

10. Information Security Incident Management
Objectives:

a) Ensure that security information is communicated in a manner allowing corrective action to be taken in a timely fashion.

b) Ensure a consistent and effective approach is applied to the management of IS issues.

11. Business Continuity Management
Objectives:

a) Counteract interruptions to business activities and protect critical processes from the effects of major failures/disasters.

b) Ensure timely resumption of business activities and critical processes in the event of failure/disaster.

12. Compliance
Objectives:

a) Avoid the breach of any law, regulatory or contractual obligation, or any security requirement.

b) Ensure systems comply with internal security policies/standards.

c) Maximize the effectiveness of and minimize associated interference from and to the systems audit process.