Our Security Know-How,
Your Peace of Mind.
Getting on the Road to Business Self-Sustainability with the ISO Standards
We provide advisory services to help our clients to get ready for a Management System certification audit. USIS covers the following standards:
ISMS ISO/IEC 27001
A central plank of the ISO 27000 group of information security standards, ISO 27001 is a framework that helps organisations create, implement, monitor, operate, maintain, assess and continually improve an Information Security Management System (ISMS).
In other words, it is a holistic approach to ensuring the confidentiality, integrity and availability (CIA) of important corporate information assets. Informed by a regular IT security risk assessment, the framework makes for an efficient, risk-based and technology-neutral system for keeping information assets secure.
Having led multiple ISO 27001 certification projects, the team at USIS knows what it takes to implement the Standard. All through your project, we provide the most robust support, from conducting an initial gap analysis to selecting a certification body.
Reduce your information security costs, improve company culture, and build a central framework for organisation-wide protection.
PIMS ISO/IEC 27701
ISO/IEC 27701 provides guidelines and standards for implementing, designing, maintaining, and working on the continuous improvement of a Privacy Information Management System (PIMS). Remember that to comply with ISO 27701 it is first necessary to satisfy the requirements of ISO 27001; the two standards are designed to complement each other.
ISO 27701 addresses the working practices of PII (Personally Identifiable Information) processors and controllers. For this reason, organisations of all sizes and categories stand to benefit. Data protection is especially useful against the background of punitive fines for breaches and the risk of reputational damage.
USIS streamlines the challenge of compliance with the use of automated data collection and analysis, built-in questionnaires, and prioritised remediation guidelines. In this way, we set you on the path to build even stronger trust with your local authorities, partners, employers, and customers.
BCMS ISO/IEC 22301
ISO 22301 is a worldwide standard for Business Continuity Management Systems (BCMS). It provides detailed instructions on how to create and maintain an efficient business continuity management system, helping your company to build a robust defence against a number of internal and external threats, and also to recover quickly in times of disaster.
According to research, around one in five businesses experience significant disruption each year. Evidently, it’s a serious issue that needs to be dealt with. The good news is that ISO 22301 helps entities of all stripes, large or small, profit or non-profit, public or private. This clever framework is written in such a way that it can be applied by any organisation.
There are 11 sections to the standard, and seven of these are mandatory.
ISO 22301 helps you to stay on top of constantly changing legal compliance issues, and to reduce your dependence on individual team members. It can also be used as a marketing tool, as customers want to know they are dealing with a reliable company.
Every single minute of downtime costs you money – and often a great deal – in today’s era of real-time transactions and services. USIS is here to make sure your organisation never misses a moment.
Risk Assessment and Advisory Services
USIS provides risk assessment advisory services to help our clients understand their risk profile and respond accordingly. Companies planning to acquire cyber insurance need to perform a risk assessment and seek proper controls to mitigate today’s increasingly sophisticated and evolving cyber threats.
Our leadership team comes from a background of providing expert cryptographic services and has a long track record in security product testing and certifications.
We are prepared to walk many extra miles for our customers to ensure they meet their certification needs. The crucial difference with USIS is that we show our customers how to self-maintain their certifications. We help you to achieve more with less — and to prove that investment in tighter security really pays off.
Consulting in Security Product Certification
USIS is the go-to expert for organisations that want to stay on top of FIPS
The Federal Information Processing Standards (FIPS) are a group of standards drawn up by the US government with the aim of keeping cryptographic modules secure. The latest version, FIPS 140-3, replaced 140-2, which had been considered the gold standard for the hardware security of sensitive yet unclassified data for the previous 20 years.
This version is more closely aligned with worldwide ISO/IEC standards, which has many organisations wary of how the update affects them. Fear not, as USIS provides a number of advisory services to help our clients’ products achieve certification for FIPS 140-3, as well as Common Criteria (CC).
You’re in good hands, as cryptographic components are one of the trickiest implementations in software and hardware to get exactly right.
An organisation’s dedication to security needs to stretch far beyond FIPS certification, but this newly updated standard is a brilliant starting point.
Feel free to contact us with any further enquiries.