Cyber Compliance & Assurance

Achieve compliance with cyber laws, standards and frameworks

Cyber security compliance obligations are becoming increasingly complex. We help organisations achieve compliance or alignment with the key SA and international cyber-related laws, standards and frameworks.

Services include:

Cyber Essentials 

Cyber Essentials helps you guard against the most common cyber threats and demonstrate your commitment to cyber security. It is a UK government-backed scheme whose certification process is designed for organisations of any size, while keeping the approach simple and pragmatic. Cyber Essentials is assessed through a verified self-assessment questionnaire; Cyber Essentials Plus covers the same controls but adds an independent technical assessment of the in-scope systems.

Our services include: 

  • Pre-assessment 
  • Formal Cyber Essentials certification 
  • Formal Cyber Essentials Plus certification 

Forvis Mazars can certify organisations against both Cyber Essentials and Cyber Essentials Plus.

ISO 27001

ISO/IEC 27001 (also known as ISO 27001) is an international standard that sets out the requirements for an ISMS (information security management system); the 2013 edition has been superseded by ISO/IEC 27001:2022, which organisations certifying or recertifying now need to meet. Our services are designed to help organisations on their roadmap to ISO 27001 certification or alignment:

  • Scope and framework development 
  • Policies and documentation support 
  • Risk assessment advisory 
  • Gap analysis 
  • Maturity assessment 
  • Remediation support 
  • Pre-assessment review 
  • Internal audit 

SWIFT CSP 

The Society for Worldwide Interbank Financial Telecommunication (SWIFT) Customer Security Programme (CSP) is a framework designed to help financial institutions improve their cyber security posture. All SWIFT users must attest annually to their compliance with the mandatory controls of the Customer Security Controls Framework (CSCF), and since 2021 that attestation must be supported by an independent assessment. Our services include:

  • SWIFT CSP audits 
  • SWIFT CSP assessments 
  • Internal audit reports on SWIFT CSP controls 

System and Organisation Controls (SOC) 

The American Institute of Certified Public Accountants (AICPA) designed the SOC 2 and SOC for Cybersecurity examinations for organisations of any size, industry and scope. SOC 2 provides assurance to existing and prospective customers that the controls protecting their data operate as described, while SOC for Cybersecurity reports on an organisation's cyber security risk management programme. Our testing is based on the principles and criteria published by the AICPA (the Trust Services Criteria for SOC 2) and is performed by experienced assessors. Our services include:

  • SOC 2 readiness assessment 
  • SOC for Cyber Security readiness assessment 
  • SOC 2 examination 
  • SOC for Cyber Security examination 

PCI DSS 

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements designed to ensure that organisations that accept, process, store or transmit payment card data maintain a secure cardholder data environment. We help organisations navigate PCI DSS compliance requirements with a pragmatic approach, and we have Qualified Security Assessors (QSAs) within our firm. Our PCI DSS consultancy services include:

  • PCI DSS Gap analysis 
  • PCI DSS Scope reduction  
  • PCI DSS Policies and procedures documentation 
  • PCI DSS QSA support  

NIS Directive 

The NIS Directive, which aims to improve the security and resilience of network and information systems across the EU, was enacted in UK law as The Network and Information Systems Regulations 2018. We help organisations assess their level of compliance against the NIS Regulations' requirements using the NCSC's Cyber Assessment Framework (14 high-level principles grouped under four objectives).
