Information Security Compliance Assistance
The Complexities of Compliance
Soteria can help guide organisations through the complexities of information security compliance and data privacy assurance. This is a complex area: there are many threats and risks in the cyber environment, and most organisations must also grapple with multiple compliance requirements. Some examples include listing requirements (SOX, J-SOX), industry requirements (GMP, MAS 634, HIPAA, and GLBA), data privacy requirements (GDPR, SOX s404), information security standards (ISO 27001, FISMA, COBIT), audit requirements (SAS70, AGS8) and at times other standards such as ITIL, PMP, CMM.
It is difficult for any organisation to navigate this compliance maze. Often organisations end up duplicating their compliance efforts without achieving a sustainable compliance process. Soteria adopt a risk-based approach to determine the scope and aid compliance with any defined regime.
The need for compliance
In many cases, compliance with an industry or listing requirement is not optional; it is a prerequisite of doing business. Even non-mandatory compliance with information security standards and a demonstrable application of data privacy controls help build customer confidence and demonstrate the maturity of your business and IT processes.
How Soteria can help
Soteria provide assistance in designing and implementing IT processes and controls to achieve compliance with various standards. We can align your business processes and SAP configuration settings with organisational policies. Our approach is based on our understanding of best practice in IT process and controls.
A company’s IT security policy should specify mandatory software requirements such as minimum password length, password strength, and the number of failed password attempts allowed before account lockout. These requirements should be followed by all applications, and SAP is no exception. In SAP, these settings are configurable and can be controlled using system profile parameters and by adopting our Baseline Security Configuration.
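As an added example (not Soteria's own tooling), the following Python script performs the kind of gap check described above: it reads an SAP profile parameter export and compares the login/* password settings against a baseline. The parameter names are real SAP profile parameters, but the baseline values and the sample export are constructed for illustration and are not taken from any actual policy.

```python
"""Compare SAP login/* profile parameters against an assumed baseline policy."""

# Constructed sample export (parameter = value) in the style of an RSPARAM
# listing; the values are illustrative, not from a real system.
SAMPLE_PROFILE = """\
# password policy
login/min_password_lng = 6
login/min_password_digits = 0
login/min_password_letters = 1
login/min_password_specials = 0
login/fails_to_user_lock = 12
login/password_expiration_time = 0
"""

# Assumed baseline: parameter -> (required value, direction).
# "min": live value must be >= required; "max": live value must be <= required.
BASELINE = {
    "login/min_password_lng": (8, "min"),
    "login/min_password_digits": (1, "min"),
    "login/min_password_letters": (1, "min"),
    "login/min_password_specials": (1, "min"),
    "login/fails_to_user_lock": (5, "max"),
    "login/password_expiration_time": (90, "max"),
}


def parse_profile(text):
    """Parse 'key = value' lines into a dict; numeric values become ints."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        params[key] = int(value) if value.isdigit() else value
    return params


def gap_analysis(params, baseline=BASELINE):
    """Return {parameter: (actual, required)} for each missing or non-compliant setting."""
    gaps = {}
    for key, (required, direction) in baseline.items():
        actual = params.get(key)
        if not isinstance(actual, int):
            gaps[key] = (actual, required)  # missing or non-numeric: report it
        elif key == "login/password_expiration_time" and actual == 0:
            gaps[key] = (actual, required)  # 0 means passwords never expire
        elif not (actual >= required if direction == "min" else actual <= required):
            gaps[key] = (actual, required)
    return gaps


if __name__ == "__main__":
    for param, (actual, required) in gap_analysis(parse_profile(SAMPLE_PROFILE)).items():
        print(f"GAP {param}: actual={actual} required={required}")
```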
Soteria perform a Compliance Gap Analysis and a Risk Identification exercise as part of any engagement. This helps us build on existing IT processes and controls and minimise the changes required to achieve compliance. We are specialists in many compliance standards and we strive to provide an efficient, cost-effective compliance pathway.