====== Security compliance services ====== **Review, Consultancy and Compliance services for the following standards.** Compliance to : PCI DSS Compliance to : UL 2900 Compliance to : NIST Compliance to : ISO 27001 Compliance to : ISO 17799 Compliance to : FIPS 140 Compliance to : ISO 27002 Compliance to : BS 7799 ISO/IEC 15408 Common Criteria Compliance to : {{ :atrc_website:standard_100-4_e_pdf.pdf |BSI Standard 100-4}} covers Business Continuity Management (BCM). Compliance to : {{ :atrc_website:bsi-standard-2001_en_pdf.pdf |BSI Standard 200-1}} defines general requirements for an information security management system (ISMS). It is compatible with ISO 27001 and considers recommendations of other ISO standards such as ISO 27002. Compliance to : {{ :atrc_website:bsi-standard-2002_en_pdf.pdf |BSI Standard 200-2}} forms the basis of BSI's methodology for establishing a sound information security management system (ISMS). It establishes three procedures for implementing IT baseline protection. Compliance to : {{ :atrc_website:bsi-standard-2003_en_pdf.pdf |BSI Standard 200-3}} bundles all risk-related steps in the implementation of IT baseline protection. IEC 62443 : This cybersecurity standard defines processes, techniques and requirements for Industrial Automation and Control Systems (IACS) Testing for : OWASP Top 10 Vulnerabilites Compliance to : ISO/SAE 21434 : This is a cybersecurity standard jointly developed by ISO and SAE working groups. It proposes cybersecurity measures for the development lifecycle of road vehicles. Checking for : CWE Top 25 Most Dangerous Software Errors Compliance to : General Data Protection Regulation (GDPR) ETSI EN 303 645 : This standard provides a set of baseline requirements for security in consumer Internet of things (IoT) devices. Compliance to : NERC. The most common is NERC 1300, which is a modification/update of NERC 1200. The newest version of NERC 1300 is called CIP-002-3 through CIP-009-3 (CIP=Critical Infrastructure Protection). These standards are used to secure bulk electric systems although NERC has created standards within other areas. **Compliance to national standards :** Malaysia [[countries:malaysia:cyber_security|Malaysia Cyber Security Policies]] Singapore [[countries:singapore:financial_and_cybersecurity_policies|Singapore financial and cybersecurity policies.]] Australia Essential Eight The Australian Cyber Security Centre has developed prioritised mitigation strategies, in the form of the Strategies to Mitigate Cyber Security Incidents, to help organisations protect themselves against various cyber threats. The most effective of these mitigation strategies are called the Essential Eight. Germany The Federal Office for Information Security (German: Bundesamt für Sicherheit in der Informationstechnik, abbreviated as BSI) standards are an elementary component of the IT baseline protection (German: IT-Grundschutz) methodology. United Kingdom UK Cyber Essentials Cyber Essentials is a United Kingdom government information assurance scheme that is operated by the National Cyber Security Centre (NCSC). It encourages organizations to adopt good practice in information security. Cyber Essentials also includes an assurance framework and a simple set of security controls to protect information from threats coming from the internet. Certifications of our consultants : Certified Ethical Hacker (CEH) Consultants capable to assist in ISO 27001 certification. Offensive Security Certified Professional (OSCP) **Common testing report deliverables include :** Overall Summary Assessment Methodology Type of Tests done Blackbox and Whitebox Risk Level Classifications checked Detailed Engagement Data Scanning Results : Including root kit scans, virus scans, malware scans, and network scans. Result Summary Table of Findings Detailed Findings. For each loophole found, the details can include Severity and potential impact information related to the loophole. CVSS score if available. Issue Description Proof of Concept Suggested methods and actions to take to fix the loophole. [[atrc_website:contact|Contact Information]]