Certitude Consulting Services

IT is your solution
for ICT Risk Management.

IT is Certitude

OUR SERVICE

The targeted management of Information & Communication Technology (ICT) risks results in a clear competitive advantage. Together with you, we can exploit this potential for you and your company: Our services focus on the areas of information security, cyber-security, business continuity management and ICT risk and regulatory management. 

Setup, extension, implementation and documentation of your ISMS

Information security includes, depending on the respective strategy, guidelines for the use of systems, applications and data, as well as an array of different rules, processes and technologies, e.g. identity and authorisation management, backup and archiving systems or standards for privileged users. The essential elements in information security:

  • Goals and strategies for and management of information security
  • Information security regulations
  • Identity and authorisation management
  • Operating instructions for privileged users
  • Data backup and archiving systems
  • Cyber defence mechanisms and cyber response plans
  • Business continuity management
  • Outsourcing management

Certitude, for your Information Security Management System (ISMS)

Certitude supports both the conceptualisation and the operational implementation of your Information Security Management System (ISMS). We take care of the structure and coordination of the project from start to finish and provide guideline templates, process descriptions and all other necessary documents specific to your company’s needs. Our specialist expertise guarantees you the most efficient ISMS.

What we give you:

  • Ongoing protection for your information, data and business processes
  • Tried and tested models tailored precisely to suit your organisation
  • Guidance through the practical implementation of your ISMS
  • Knowledge transfer through our comprehensively experienced consultants

Support in preparations for certification

As an international standard, ISO 27001 lays out in detail the requirements for the implementation and maintenance of an effective Information Security Management System (ISMS). By definition, therefore, ISO 27001 certified companies have a proven management system in place which protects their information against theft, loss, manipulation and interruptions in operative processes. An ISO 27001 certification is also a good decision for organisations that are legally required to prove they have an ISMS in place.

ISO 27001 certification provides you with the credentials you need to show that your company adheres to international standards of information security management. It provides documented evidence that your IT processes are sound, reliable and fully compliant regarding customers, business partners and regulatory bodies.

Certitude, your way to ISO 27001 certification

Certitude guides you through the planning, qualification for and ongoing development of your ISO 27001 certified Information Security Management System (ISMS). Our goal is to develop and implement tailor-made solutions which meet all the requirements for ISO 27001 certification. The essential steps for ISO 27001 certification are as follows:

  • Analysis and evaluation of your ISMS based on ISO 27001
  • Identification of any deficiencies you have relating to ISO 27001 requirements
  • Support in clarifying and carrying out the necessary measures
  • Developing your ISMS according to ISO 27001 
  • ISMS assessment by certified and experienced ISMS auditors
  • Support through the ISO 27001 certification process itself 
  • Monitoring of changes to ISO 27001 standards with ongoing support for the continued development of your ISMS

What we give you:

  • Proof of trust and compliance for customers, business partners and supervisory authorities
  • Support through ISO 27001 certified ISMS managers & auditors
  • Knowledge transfer through advisors with extensive ISO 27001 certification experience
  • Help with introducing the measures needed to bring you up to standard

Our experience and know-how, your Information security officer

The information security officer is responsible for all the essentials regarding information security for your company. The officer makes sure that the predefined goals and measures contained within the IT strategy and information security guidelines are made transparent, monitored and adhered to.

Responsibilities of particular note are:

  • Supporting company directors in defining and aligning with information security guidelines, as well as advising on all questions regarding information security
  • Assistance in resolving conflicts of interest, for example “profitability vs information security”
  • Compiling information security guidelines, as well as any other relevant regulations
  • Management and coordination of internal information security processes
  • Monitoring the information security procedures of your IT service provider 
  • Working together on issues of business continuity management, including the devising and further development of contingency plans
  • Overseeing the implementation of the measures taken
  • Contributing to IT and information security relevant projects 
  • First point of contact for questions on information security both within the company and from third parties
  • Analysis and investigation of information security incidents and the consequent reporting of these to management
  • Devising, coordinating and conducting of training and other measures to increase awareness of information security

The information security officer’s role brings together specialist knowledge with social, leadership and entrepreneurial competencies.

Certitude, your key to efficient information security

Are you lacking the resources to tackle all aspects of information security? An external Certitude Information Security Officer (CISO) is here for you. Your CISO takes care of the following:

  • Support in defining and documenting the information security guidelines
  • Carrying out an initial information security risk analysis, and repeating this the following year
  • Conducting of regular employee training sessions on essential information security topics, as well as on internal and external rules and standards 
  • Information and advice on public relations/how to field external questions concerning all areas of IT security
  • Monitoring the legal framework of information security 
  • Coordinating and overseeing measures implemented to deal with information security weak spots
  • Support in execution of the relevant information security projects
  • Holding regular meetings with management, including progress reports on information security

What we give you:

  • Long-term protection for your information, data and business processes
  • Efficient, high quality solutions to safeguard your information security 
  • Experts with profound, operational knowledge and experience at your disposal as contact partners 
  • A CISO with comprehensive experience in the area of Information Security Management Systems/ISO 27001

Developing a risk-based cyber-security management system

Cyber-security is a lot more than just IT security. It’s an essential part of information security overlapping with business continuity management, crisis management, data protection, IT processes and, of course, IT security.

The recipe for success in cyber-security lies in optimising and refining the efficiency and efficacy of your cyber-security strategies. Indeed, these strategies and all processes and measures taken as a result need to keep up with the current cyber-security threats.

Certitude, your partner in cyber-security

With an up-to-date cyber-security strategy, together with the support of our specialists, you are always one step ahead of cyber threats, and as such are contributing substantially to the successful digitalisation of your company. The key steps to cyber-security:

  • Identifying the potential cyber-security risks
  • Devising a cyber-security strategy
  • Defining and implementing processes needed for cyber risk management
  • Taking measures to minimise cyber risk 
  • Establishing processes to monitor the ongoing effectiveness of these measures
  • Conceiving a system of monitoring which ensures early identification and tackling of cyber threats
  • Predetermining escalation processes and crisis management steps in the event of a cyber-attack
  • Running regular vulnerability analyses and penetration tests
  • Ongoing training and awareness raising of employees

What we give you:

  • Sustained protection against cyber threats
  • Tried and tested methods, tailored to the individual needs of your organization
  • Skilful guidance from the introduction of the processes and methods through to the implementation of those measures
  • Knowledge transfer through our comprehensively experienced consultants

Developing processes to ensure the continued operation of business

The goal of Business Continuity Management (BCM) is to keep vital business operations running under all conditions, or in more serious cases bring an affected process back to normal operation as quickly as possible. BCM is the development of strategies, contingency plans and plans of action to protect operations whose interruption would otherwise cause serious damage or threaten unrecoverable losses, allowing the operations to continue or for alternative procedures to take effect.

Certitude, your path to business continuity management

Certitude guides you through the planning, implementation and the ongoing development of your business continuity management. Our goal is to achieve this efficiently by building on pre-existing processes. The key steps towards protecting your operations:

  • Business Impact Analysis (BIA) – risk analysis in the case of an interruption in business operations
  • Identifying the resources necessary to sustain vital processes
  • Risk analysis of the necessary resources 
  • Creating an accessibility and continuity risk profile
  • Ascertaining when to take action, defining and implementing the measures 
  • Devising and implementing recovery and contingency plans
  • Conducting and documenting of emergency drills
  • Establishing ongoing monitoring procedures and revisions of BCM

What we give you:

  • Protection for vital business processes, ensuring continued operation
  • Advisors with extensive experience in the field of BCM at your disposal 
  • Support from the risk evaluation through to the implementation of the risk reduction measures
  • Knowledge transfer through our BCM experts 

Managing risks when outsourcing services or data

Outsourcing of services or data (e.g. cloud outsourcing) has many advantages – but also entails risk. Especially when outsourcing sensitive or essential components of the IT infrastructure, all risks connected with information security must be analysed and evaluated.

Certitude, your partner in managing outsourcing risks

Certitude supports you in the analysis and evaluation of risks associated with outsourcing services and data to third parties. Based on this we help you define and implement the steps necessary to keep potential dangers in check. Our services:

  • Analysis and evaluation of outsourcing risks 
  • Conceiving and defining of tailor-made measures for risk reduction
  • Operative guidance in the implementation of the measures
  • Setting up of processes and systems to ensure ongoing evaluation and monitoring of risks
  • Establishing control processes to be integrated into the internal monitoring system

What we give you:

  • Long-term protection for your information, data and business operations
  • Our expertise based on extensive experience in the area of managing outsourcing risk 
  • Competent experts with profound, operative knowledge as your point of contact
  • Assured efficient implementation within the context of existing processes

Assessing your risk in the area of information security 

Information security serves to ensure the confidentiality, integrity and accessibility of your data. Risk-oriented information management protects you against such dangers as unauthorised access or manipulation of data, thus preventing potential economic damage. A central element of information security management is risk assessment. This must be based on predefined risk criteria and take into account measures already in effect. Moreover, the evaluation of risk must be kept up to date at all times.

Certitude, evaluating your information security risks

Certitude, together with you, analyses and evaluates your risks relating to information security. Using standardised methods we then compare the results of the evaluation with your requirements and support you in choosing which measures will best be implemented to reduce your risk. The essential steps:

  • Clarifying the goals - i.e. your requirements relating to information security
  • Analysing vulnerability based on your business model and sector
  • Identifying critical/sensitive information networks and determining the level of protection needed
  • Analysing vulnerability in the case of specific risk events
  • Quantifying the current risk, drawing up a risk profile 
  • Determining what measures need to be taken
  • Operational support in the implementation of these

What we give you:

  • Assurance that your risks meet your risk appetite
  • Consultants with extensive experience in the analysis of information security risks
  • Knowledge transfer through our risk management experts
  • Operational support in risk assessment and the implementation of risk reduction measures

Support in complying with statutory requirements

The ever increasing number and complexity of new rules and regulations, in combination with very short implementation periods, put ever more strain on companies to comply. Of note here is the fundamental effect such changes can have on business processes, potentially affecting the ability to remain competitive.

A lack of resources can make it difficult to keep track of and/or analyse any effects of new regulatory standards in ICT infrastructures. Monitoring and analysing, however, form the basis for sustainable strategic planning of processes and organisational structures within your company.

Certitude, your solution for efficient ICT regulatory monitoring

Certitude is there for you, keeping an eye on all the important legislative and regulatory bodies, as well as institutions whose primary function it is to make guidelines and regulations public. Our goal is to promptly pass all necessary information specific for your business model on to you, so that it can be properly taken into account in management processes. Our key services:

  • Ongoing analysis and evaluation of all significant regulatory changes
  • Specific preparation of the information relevant to your business model
  • A quarterly report on all changes affecting you
  • Support in prioritising what measures to take

What we give you:

  • Your assured adherence to all statutory requirements
  • Comprehensive, tailor-made monitoring of all ICT regulations
  • Help in interpreting the specifics, and analysing what action to take

Advice on implementation of rules and regulations

With a rising demand for information and communication technology, as well as the ever growing significance of the collection and handling of data and information, the legislative and regulatory bodies are turning their attention ever more to these very topics. The sheer number and complexity of incoming rules and regulations, in combination with very short implementation periods, put ever more strain on companies to comply. Careful attention must be paid to the fundamental effect such changes can have on business processes, potentially affecting the ability to remain competitive.

Appropriate regulatory management makes sure that all external standards are met in the best way possible, in line with existing business processes. Significant competitive advantage comes with good regulatory management.

Certitude, your partner for ICT regulatory management

Certitude helps you effectively analyse and evaluate the effects regulatory changes may have on your business strategy and processes. Moreover, we assist you both in determining what measures to take, and in implementing these in the most efficient way. Our service:

  • Analysis and evaluation of regulatory changes relevant to your business model 
  • Devising tailor-made solutions to meet all new and existing requirements
  • Practical guidance through the implementation of the defined measures

What we give you:

  • Assurance that all legal requirements are met efficiently, taking your existing processes into account
  • Solutions tailored to your business model for the implementation of regulatory requirements
  • Competent experts with profound operational know-how as your contact partners

Choosing the right level of protection

Information security management must ensure that information is given an adequate level of protection depending on its importance to the company. To this end, information is classified according to its value, legal requirements, criticality and sensitivity to unauthorised disclosure or alteration.

Certitude, for your information classification

Certitude guides you through the risk-oriented classification of your information. Together with you, we define what steps need taking and implement these efficiently. The essential steps when classifying information:

  • Defining the categories of information by level of confidentiality/need for protection etc.  
  • Determining guidelines for the handling of information of that class
  • Allocating all information to its respective categories
  • Planning the structure of the implementation phase
  • Choosing the necessary software and technical applications
  • Implementation of controls
  • Training phase and roll-out of the technical solution
  • Documenting the process/procedures

What we give you:

  • Lasting protection for your information
  • Expert guidance through the process of classifying your information
  • Knowledge transfer through our experienced advisors
  • Tried and tested templates, tailored exactly to you

Further development for protection of information and systems management

To adequately protect your company's information and IT systems, appropriate and functioning identity and authorisation management is essential. It prevents misuse and unauthorized manipulation of data and IT systems and ensures that only authorized users have access to IT services and applications.

Certitude, your guide for identity and authorisation management

Certitude is there with you in the planning, implementation and further development of processes and procedures for identity and authorisation management. Our goal is to work with you to further develop your identity and authorisation management using existing processes and tools. The essential steps:

  • Defining general procedures for dealing with identities and authorisations in your company’s sections and departments, and developing a comprehensive model for identity and authorisation management 
  • Categorising groups and types of identities and authorisations as well as defining the data owner and system owner
  • Defining guidelines for the administration of identities, user IDs and authorisations
  • Defining user guidelines for the handling of user IDs, authorisations and means of authentication
  • Specifying defaults for handling identifiers of administrators, emergency users and other privileged users, as well as defaults for granting time-restricted access to extended privileges
  • Establishing authorisation structures, documentation and approval procedures for the assignment of authorisations, and specifications for the creation and restrictive assignment of authorisations to target systems
  • Specifying and implementing controls within identity and authorisation management

What we give you:

  • Long-term protection for your information, data and business processes
  • Expert guidance through the implementation of identity and authorisation management
  • Knowledge transfer through our extensively experienced consultants
  • Tried and tested templates, tailored to the individual needs of your organisation