Get a structured approach to information security and risk management. Dubex offers advice and support in the implementation of various frameworks and directives.
With a compliance check, we uncover your company’s actual compliance with legal requirements or standards. Based on the check, you can make decisions about the next step to ensure compliance.
The compliance check is based on a review of the relevant organisational, physical and technical conditions and checks, measured against the specific legal requirement or standard your company must comply with, or the certification the company wants.
What we do
The project begins with a start-up meeting, where further details about the scope of the compliance check, access to documentation, etc. are agreed. Dubex then either conducts interviews with relevant key personnel or reviews relevant documentation.
Based on interviews/reviews, Dubex prepares an overview of specific deficiencies that must be addressed to ensure compliance. The overview contains:
- A detailed description of the current compliance level, including whether the controls have been described (documented), complied with and whether compliance is documented.
The overview can be supplemented with prioritised recommendations and an action plan that will take the company to the desired level, e.g. a certification.
Dubex Compliance Check can be supplemented with the following, for example:
- Security Analysis
- Advice and feedback on the implementation of ISO 27001
- Advice and feedback on compliance with the GDPR
ISO 27001 Implementation
With the ISO 27001 standard, your company gets a structured approach to information security and risk management. Based on a risk assessment, a management system is established with the controls necessary to deal with your company’s specific risks.
No matter whether you simply want to comply with the standard (compliance) or want a certification, your company gets a management tool that can be used to document to customers, partners and authorities that the company stores and processes sensitive information securely.
Starting from your organisation’s needs
Based on your company’s specific risks, relevant controls are selected to ensure an appropriate level of security. The selection of the controls is based on the ISO 27002 standard, which is based on “best practices” in the field of information security.
At the same time, you can build the processes that will maintain and document the company’s information security – also in relation to third parties, such as customers, partners, subcontractors and authorities.
What we do
Dubex offers advice and feedback on all phases of implementing the ISO 27001 standard: from a simple overview of deficiencies (compliance check) or workshops where we discuss and share specific challenges, to planning an actual implementation project, where we help to ensure progress and the necessary knowledge in the organisation, e.g. about the execution of a risk assessment.
The focus of all our advice is that your company gets a practical product that addresses your business needs and is well rooted in your processes.
In connection with an ISO 27001 project, you may want to consider the following services: