Featured Case Study:
Terrabit Networks ISO 27001 Certification with Privasec
Privasec is now a Sekuro Company
Founded in 2006, the primary asset of Terrabit Networks is their highly skilled and dynamic team of information and communication technology (ICT) experts who design and implement quality-oriented systems. Headquartered in Singapore, Terrabit Networks brings innovative system, storage, cloud-enablement and network integration solutions to the country and the Asia-Pacific region.
Why ISO 27001 Certification
Terrabit Networks provides products and services primarily in the Telecommunications and ICT (Information & Communications Technology) sector, where information security is highly prioritised.
By establishing an ISO 27001-certified ISMS, Terrabit Networks looks to elevate its information security processes and strategies in accordance with industry best practices. This allows it to better protect and ensure the safety of its information, including customers’ data and internal confidential information.
Furthermore, the attainment of ISO 27001 Certification serves as a testament to Terrabit Networks’ commitment to ensuring information security and provides security assurance to its clients from highly regulated sectors.
Why Privasec
Privasec is an ISO 27001 and ISO 9001 certified independent cyber security consulting firm with a Governance, Risk and Compliance (GRC) team of highly experienced and certified professionals, with an average of 10 years of cyber security consulting experience between them. We have great expertise and a proven track record of implementing an Information Security Management System (ISMS) that is certifiable to ISO 27001.
Privasec is such a Partner! We had full confidence in Privasec’s capability to get us certified in record time! We knew our ISMS certification process was in the right hands.
Our Approach
Establishment of Risk Management Framework for continuous monitoring and effective risk mitigation strategies
Privasec conducts an Information Security Risk Assessment with Terrabit Networks through meetings and reviews with relevant stakeholders.
The assessment aims to identify, assess, and quantify Terrabit Networks’ existing state of risks, from which a gap analysis is performed to determine the different risk areas and to what extent the risks must be addressed. This includes threat, vulnerability, and impact analysis, which helps to determine the most cost-effective approach for Terrabit Networks’ risk mitigation strategies and remediation budgets.
The existing security controls of Terrabit Networks are also assessed to determine the extent to which they meet the desired state of security objectives for risk mitigation.
With these assessments and information in place, Privasec guides Terrabit Networks in establishing a robust risk management framework to allocate their security investments efficiently. In addition, advice on practical risk management practices is also provided to Terrabit Networks for their implementation to mitigate their security risks to an acceptable level, as set out by their security objectives.
Implementation of Robust Information Security Programme to protect and secure information assets
Privasec works closely with Terrabit Networks’ information security manager to implement an information security programme aligned with the information security strategy.
In the engagement, Privasec drafted the initial core documents for the implementation of the management system and guided the team to formalise their information security policies with defined processes and procedures, following industry best practices and standards such as NIST.
Encompassing the entire organisation, the information security programme sets out to execute the strategy and achieve the organisational goals of Terrabit Networks to ensure an acceptable level of risk and business disruption. It outlines all activities that serve to protect the organisation’s information assets, including the development and ongoing management of the diverse information security-related activities, processes, and projects.
With the implementation of an effective information security programme, Terrabit Networks is able to secure its information assets, develop continuous monitoring processes with associated security metrics and establish a defined roadmap to achieve its security goals.
Internal Audit and Management Review by a qualified professional to identify potential gaps and areas for improvement
Prior to the external audit by the certification body, Privasec conducts an internal audit session to review the implementation of the security controls as outlined in the ISMS. This is to identify any potential non-conformances and gaps and prepare Terrabit Networks for the external audit.
The audit findings are reviewed in the management review meeting, where the assets, risks and action registers are updated accordingly. Detailed guidance is also provided to ensure that the relevant controls and security are in place within the ISMS.
When we first engaged them, they introduced the Team who was going to work with us. We saw that the consultants come with the highest credentials and experience, and they went to the extent of providing us a project schedule and clear milestones to help us achieve our objective of getting certified within 3 months.
It was a pleasure working with them!
At Privasec, our team of consultants hold various qualifications such as ISO 27001:2013 Implementer and Lead Auditor, Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) and Certified Information Systems Security Professional (CISSP).
The consultant-in-charge for this engagement is Angela Yuen, our senior consultant, who is an accredited ISO 27001:2013 Lead Auditor, CISA and CISSP.
The Results
Competitive advantage by demonstrating the commitment to ensuring information security and providing security assurance to clients and stakeholders
ISO 27001 is an internationally recognised standard for ISMS, and being certified demonstrates Terrabit Networks’ commitment to ensuring information security and risk management. With relevant security controls in place to ensure the security triad (Confidentiality, Integrity, and Availability) of the information assets, Terrabit Networks can provide existing clients and stakeholders the security assurance for their data.
In addition, it provides assurance that Terrabit Networks promotes compliance with commercial, contractual and legal requirements as outlined in Annex A.18, Compliance, of the ISO 27001:2013 Annex A controls.
Note: Annex A.18, Compliance, requires that an organisation adheres to all relevant control objectives, control policies, processes, and procedures, whether legal, regulatory, contractual, or self-imposed, in ensuring that information security is enforced and managed.
This is advantageous for organisations like Terrabit Networks with clients from highly regulated sectors, whose contractual requirements for vendors often mandate information security compliance.
Robust Security Foundation To Prepare Terrabit Networks For Long-Term Success
The ISO 27001-certified ISMS forms an excellent security foundation for Terrabit Networks, where risk management practices and security strategies are integrated within the organisation.
Implementing a risk management framework establishes an ongoing commitment for Terrabit to ensure the continuous monitoring and management of risks to an acceptable level.
Furthermore, this prepares the organisation for long-term success where a sound ISMS acts as a good basis for Terrabit Networks to pursue other security standards and attestations and meet regulatory requirements.