VIRTUAL CISO – vCISO | Minimize the Cyber and Safety Risks

Our service of vCISO has been designed to help you with:

• Information Safety strategy revision.
• Revision and development of Safety Politics and Procedures.
• Certification with the industry standards, like ISO27001, ISO27701, PCI DSS, PCI PIN.
• Conformity with regulations, like LGPD, BACEN, CVM.
• Invasion tests (EHT), scans, evaluations and safety analysis.
• Development and implementation of threats managing strategy.
• Business continuity managing, BIA, recovery strategies, PRD, PCN.
• Awareness campaigns and phishing simulations.
• Know more…

Data Protection General Law – LGPD
Diagnostic, Analysis, Action Plan and Implementation

The scope of our works consists in:

• Understanding of the ambient and documented safety processes + scope definition + interviews with the responsible.
• Documentation and processes analysis with implemented and non-implemented controls quantities, as well as the instructions and recommendations about its implementation.
• Mapping (Data Mapping) of systems, worksheets and documents, physical or digital, which contain personal and sensitive data (beneficiaries, clients or collaborators), as well as from service rendering companies and third parties that have access to personal data of clients and collaborators. The mapping will be done by sampling.
• Elaboration of the detailed planning to adequate the non-adhering controls.
• Description of a scope suggestion for the future Certification in NBR ISO/IEC 27001:2013.

Business Impact Analysis (BIA) | Business Continuity and Recovery from Disasters

This program, known by the term in English BCMS (Business Continuity Management System), presupposes the periodic making of:

• Risk assessment;
• Business Impact Analysis – BIA;
• Definition/revision of the recovery strategy;
• Making/maintenance of the business continuity plans, crises management and answer to the emergencies/incidents;
• Simulation exercises from the requirements and business priorities.

Information Safety Risk Assessment | Make the Maturity Analysis and its Safety Director Plan

Our objective is to make the Information Safety Processes Maturity Level Analysis, aiming to identify, document and report eventual inconsistencies with the minimum international standards of internal controls and Information Safety desired by your High Administration.

Such results will be used to make the Information Safety Strategic Director Plan to address the future actions concerning to, as a minimum:

• Revision of processes, politics and Information Safety activities.
• Preservation of the confidentiality, integrity and information availability.
• Increase in the level of awareness and collaborators awareness, through the creation of periodic integration programs.
• Prevention of information leaking and data protection.

Awareness in Information Safety

As part of the efforts to transform and mature the Information Safety practices, AuditSafe has a big set of items and actions of Safety Awareness for your choice, which shall be applied, in a specific project or under demand, for the several internal publics of the companies.

The materials include: animation videos with instructive contents concerning information safety, suggestion to create new arts for application in computers wall papers and making of screensavers. It includes dynamic activities in the company common areas, including the participation of actors, development of illustrative materials and ceremony preparation for the program specific events.

Information Safety E-learning

It is highlighted its material and own e-learning contents, according the figures below, directed to executives and to the users, addressing the main preoccupation with the leaking prevention and general cares with the information safety.

Consulting to Implement the NBR ISO/IEC 27001:2013 Standard

In the last years the interest in the adequacy of computing ambient with the implementation of safety controls has grown significantly.

Researches include the investment tendencies for the next years, among them, the risks management improvement, the implementation of tools and processes to avoid the leaking of information and the awareness in Information Safety.

It is also observed in the researches that more than 8% of the participants implement and certify formally an Information Safety Managing System (SGSI) and that, as an average, 17% are in an implementation phase.

The more interesting is that approximately 32% still not have a SGSI, but they are considering its development and implementation.

AuditSafe uses its own Information Safety Structured Method, named MESI, for the development of its services and focus in fulfilling the safety aspects concerning the human factor (people), technological, internal and processual factors (standards and procedures).

This method provides a systematic process to implement a SGSI based in the NBR ISO/IEC 27001:2013 standard, which is also used in the scope definition, in the processes mapping, in the risks present situation visualization of an evaluation ambient, in the making of its structural documents (politics, standards and procedures), in the metrics definition and in the activities planning or implementation project.

The choice of an adequate method to implement a SGSI is important, because it aids in the resolution of problems related to the confidentiality, integrity and availability treats of the corporative information, and directs efforts, investments, technologies and human resources.