Navigating the mindfield of compliance regulation within the information
industry is difficult and can be a challenge for even the largest enterprise.
Usually, compliance with these standards is considered as an after thought.
However, organisations can use these standards to implement a more effective
security strategy within their organisation. Typically, some of the compliance
- PCI (Payment Card Industry Standards)
- APRA (i.e PPG234) - Australian Financial Sector
- ISO 270001, 27002 (International Information Security Standards)
- Industry standards such as OWASP and OpenSAMM
- Privacy Standards of Australia (Data & Security)
Typically, every business is driven by a particular standard. In some cases,
such as the Privacy Standards, every organisation in Australia must comply with
the default set of standards. Understanding your legal requirements for
compliance with relevant standards and then adopting a maturity approach to the
compliance program, is the first steps in implementing an effective security
Maturity Baseline Assessment
This is usually the initial step in understanding your compliance drivers and
risks within the organisation. This small engagement runs for approximately a
week (depending on the size of the organisation) and allows our team to interact
with relevant business owners within your organisation. The objective of this
assessment, is to take existing standards (mentioned above) and provide an
alignment (gap analysis) with an additional plan to help increase the maturity
within the organisation.
Compliance & Audit Implementation
This is typically a larger project within the organisation and is spread over a
period of time to help minimise the impact associated with cultural change
within the organisation. Taking the previous plan developed, the Appsecure team
can help to implement the strategy within the organisation, develop guidelines
and patterns for the technical and business teams to use within the
Contact us today, to discuss further with our strategic and governance team on
how we can help to ensure you comply with relevant industry standards and
implement an effective security program.