The security analysts on the compliance side of SeNet’s security practice are well trained in various industry security compliance standards, including standards from the International Standards Organization (ISO). We understand that the risk assessment methodologies laid out in ISO standards provide a solid framework for an organization to follow, and that they are also flexible in how security controls are implemented based on specific security requirements. Specifically, we will be following the “Plan, Do, Check, and Act (PDCA)” risk management strategy as laid out in the ISO 27005 standard.
Central to our process is the Interview and Examination application. It serves as a central repository throughout the testing process and provides traceability. It contains a listing of all required ISO controls, along with the information/evidence requested to determine whether each control is in place.