Compliance Management

Compliance is all about adhering to the rules. The rules may be externally mandated, such as laws and industry-specific rules, or self-imposed, such as internally created or externally selected standards.

Compliance Management requires that you understand what rules you need to adhere to and then confirm that you are adhering to them. It is the process by which you plan, organise, monitor and lead activities that give you assurance of your level of compliance.

The level of compliance is unique to an organisation. You may not need to be fully compliant with a standard when partial compliance meets your unique needs and risk appetite.

Our experts can help you understand your compliance requirements and work with you to achieve the level of compliance required.

Compliance options that suit your specific requirements

At SSS we have a range of services supporting your compliance management needs which will be tailored depending on where you are on your security journey.

Want to know more? 

Contact us on 04 917 6670 or sales@sss.co.nz if you would like to know more about our Compliance Management solutions.

Solutions

  • Cyber Security Framework and Policies

    A cyber security framework is crucial to effective governance within this area of your business. It enables you to intelligently manage your cyber risk in line with your overall business risk appetite. A cornerstone of your framework is a set of policies that set out the principles for cyber security efforts within your organisation. They should clearly define the rules you expect to be adhered to so that risk is managed appropriately.

    Want to know more?

    Contact us on 04 917 6670 or sales@sss.co.nz if you would like to know more about our Cyber Security Framework and Policies.

    How we can help

    We help you select an overarching cyber security framework that meets the unique requirements of your organisation, or develop a bespoke framework if required.

    We then help you develop policies that reflect both your operational needs and your risk appetite.

    We recommend an annual review of your framework and policies as your risk profile, the threat environment, and technology change regularly. 

    Benefits to your organisation

    This service ensures that your cyber security framework enables your business to operate your way, safely. 

    • Tailored to your organisation
    • Identify and document your cyber security goals
    • Guidance on how to achieve these goals.

    How we deliver your framework and policies

    We tailor an approach to best suit your needs. This may include the following:

    • Reviewing your existing framework and policies - and whether these are relevant and living, or gathering dust
    • Developing an overarching governance policy
    • Developing a policy set for you that enables your business to operate safely

    We can base policies on existing frameworks such as:

    • CIS-20
    • ISO 27001
    • HISF
    • NZISM
    • SANS
    • COBIT
    • PCI-DSS
  • Security Certification Readiness Assessment

    Government entities are often required to certify (and re-certify) a system's cyber security posture as part of an assessment and authorisation process.

    Similarly, commercial entities may be required by their customers or partners to demonstrate a level of cyber maturity by becoming certified.

    To increase the likelihood of a successful outcome, the entity seeking authorisation of their system should first perform a certification readiness assessment.

    A security certification readiness assessment provides greater knowledge and understanding of your system's cyber security posture before entering into the certification phase of the authorisation process.

    Contact us on 04 917 6670 or sales@sss.co.nz if you would like to know more about our Security Certification Readiness Assessments.

    Benefits to your organisation

    Performing a security certification readiness assessment provides your organisation with:

    • knowledge of cyber security shortcomings to enable proactive and timely remediation
    • the ability to focus on implementing changes to increase the likelihood of achieving authorisation.

    How we deliver a certification readiness assessment

    By testing your system before the official certification assessment, we can identify areas of concern within the assessor's planned security control set.

    We can work with you to prioritise findings for remediation, develop mitigation strategies, and create mitigation statements.

    Typical activities

    • Assessing the system against the designated security control set.
    • Providing input on which findings should be prioritised for remediation or mitigation.
    • Providing mitigation statements that clearly explain why a finding has a lower risk than might be initially assumed by the assessor.

     

  • Security Gap Analysis

    Often business managers and technical teams do not have a clear understanding of what is required to protect both the business and its information assets in an increasingly connected operational environment.

    It is essential in modern business practice to gain a clear and concise understanding of what your critical information assets are, where they are stored, and how they are protected.

    We provide an overview of your organisation’s security maturity or posture, bringing to light the ‘unknown unknowns’.

    Want to know more?

    Contact us on 04 917 6670 or sales@sss.co.nz if you would like to know more about our Security Gap Analysis service.

    Benefits to your organisation

    This service provides an overview of your organisation’s security maturity or posture. This provides:

    • a baseline providing insight into your current security posture
    • a remediation plan helping you to better secure your systems
    • a measurement of how well your technical and non-technical controls implement the full scope of your cybersecurity framework
    • an understanding of how well your organisation integrates security into your business planning.

    How we deliver a gap analysis

    An independent assessment of your current cyber security state which includes the following:

    • Identifying your information assets and ownership
    • Conducting a gap analysis against your chosen standard or framework
    • Providing recommendations for remediation work to address identified gaps
    • Producing a full gap analysis review, including a summary report that can be consumed and understood at the executive level and detailed findings for technical personnel
    • Aiding delivery of the findings to senior management

    Standards and frameworks

    We can base the gap analysis on standards or frameworks including:

    • CIS-20,
    • ISO 27001,
    • HISF,
    • NZISM,
    • SANS,
    • COBIT, and
    • PCI-DSS.

    We can also help you select a framework appropriate for your organisation.