Compliance

Get a structured approach to information security and risk management. Dubex offers advice and support in the implementation of various frameworks and directives.

Danish organisations are increasingly faced with demands and expectations from authorities, partners, employees, customers and citizens who expect their data to be stored and processed securely.

Compliance Check

With a compliance check, we uncover your company’s actual compliance with legal requirements or standards. Based on the check, you can make decisions about the next step to ensure compliance.

The compliance check is based on a review of relevant organisational, physical and technical conditions and checks in relation to the specific legal requirement or the standard your company must comply with or the certification the company wants.

A Dubex Compliance Check (gap analysis) provides the company's management with an overview of specific deficiencies in relation to specific legal requirements or standards.

What we do

The project begins with a start-up meeting, where further details about the scope of the compliance check, access to documentation, etc. are agreed. Dubex then either conducts interviews with relevant key personnel or reviews relevant documentation.

Based on interviews/reviews, Dubex prepares an overview of specific deficiencies that must be addressed to ensure compliance. The overview contains:

A detailed description of the current compliance level, including whether the controls have been described (documented), complied with and whether compliance is documented.

The overview can be supplemented with prioritised recommendations and an action plan that will take the company to the desired level, e.g. a certification.

Dubex Compliance Check can be supplemented with the following, for example:

Security Analysis
Advice and feedback on the implementation of ISO 27001
Advice and feedback on compliance with the GDPR

ISO 27001 Implementation

With the ISO 27001 standard, your company gets a structured approach to information security and risk management. Based on a risk assessment, a management system is established with the controls necessary to deal with your company’s specific risks.

No matter whether you simply want to comply with the standard (compliance) or want a certification, your company gets a management tool that can be used to document to customers, partners and authorities that the company stores and processes sensitive information securely.

Starting point in your organisation’s needs

Based on your company’s specific risks, relevant controls are selected to ensure an appropriate level of security. The selection of the controls is based on the ISO 27002 standard, which is based on “best practices” in the field of information security.

At the same time, you can build the processes that will maintain and document the company’s information security – also in relation to third parties, such as customers, partners, subcontractors and authorities.

ISO 27001 is an international management standard on information security. The standard is a management tool that helps your company protect valuable information, including personal data, in a secure and reliable way.

What we do

Dubex offers advice and feedback on all phases in relation to the implementation of the ISO 27001 standard: From a simple overview of deficiencies (compliance check) or workshops, where we discuss and share specific challenges to planning an actual implementation project, where we help to ensure progress and necessary knowledge in the organisation, e.g. about the execution of a risk assessment.

The focus of all our advice is that your company gets a practical product that addresses your business needs and is well rooted in your processes.

In connection with an ISO 27001 project, you may want to consider the following services: