Copyright (c) 2019 by Allendevaux & Company LLC.  

All rights reserved.

Information Security Management

Establishing and Implementing an Enterprise Compliance Framework

 

Properly implementing an enterprise compliance framework is a significant, achievable, and rewarding endeavor for any global company. ALLENDEVAUX specializes in several recognized frameworks, including these:
 

  • ISO/IEC 27001:2013 – Building an Information Security Management System (ISMS) with ISO/IEC 27002 Codes of Practice, NIST Controls, and other Recognized Controls
     

  • ISO/IEC 27017:2015 – Expanding an ISMS Control Set with Additional Control Objectives for Cloud Computing Security
     

  • ISO/IEC 27018:2014 – Expanding an ISMS Control Set with Additional Control Objectives for Personally Identifiable Information in Public Clouds Acting as PII Processors
     

  • ISO/IEC 27032:2012 – Improving the State of Cybersecurity with International Controls for Network and Infrastructure to Achieve CIIP: Critical Information Infrastructure Protection

 

How We Can Help

 

ALLENDEVAUX will help an organization achieve certification starting with ISO/IEC 27001:2013, upon which other control sets, such as ISO/IEC 27017, may be added. Building a compliance framework through recognized international best practices is a companywide, holistic approach to asset protection; the key stakeholders must include executive management, with executive sponsorship. When done properly, this approach helps to:
 

  • manage risks through a methodology for identifying threats, identifying vulnerabilities, and implementing mitigations;

  • protect supply chain assurance;

  • illustrate evidence of best practices, demonstrating credibility when tendering contracts;

  • minimize financial loss, protecting organizations from destructive threats;

  • improve processes through a framework for implementing policies and procedures that are consistent, repeatable, and maintainable;

  • promote continual improvement, because once the system is implemented, the organization strives to improve protection of assets through a semi-annual or annual re-evaluation;

  • meet regulatory compliance with laws and regulations internationally; and

  • demonstrate worldwide recognition of excellence by employing an international framework with specific codes of practice.