Further to Our Compliance Journey   

November 1, 2021 by Mona Hammad

ISO/IEC 27001 updates

We have completed the ISO 27001 stage two audit, which ran from October 12th to October 18th. It was conducted against the ISO 27001, 27017, and 27018 standards, internal documentation, legislation, and contractual requirements, by reviewing documents and records, interviews, and auditor observations. The result was one minor non-conformity (NC), Annex 17.1.3: a full rehearsal of the BCP and DR is not performed by the organization regularly. The audit also raised 14 OFIs (observations for improvement). A DR test will be performed this week to close this minor NC and get our ISO compliance certificate. Furthermore, ISMS personnel are working to fix those OFIs before the surveillance audit next year to strive for a better organization.

UK Cyber Essentials, IASME Governance Certification

We are thrilled to announce that we are UK Cyber Essentials, IASME Governance, and UK GDPR (https://www.ncsc.gov.uk/cyberessentials/overview) certified. We have passed two self-assessments supported by the UK government’s National Cyber Security Centre. IASME Governance is risk-based and includes key aspects of security such as incident response, staff training, planning, and operations. IASME Governance incorporates a Cyber Essentials assessment and an assessment against the General Data Protection Regulation (GDPR). The standard maps closely to the ISO/IEC 27001 standard. We are now allowed to work on projects that require Cyber Essentials and UK GDPR certification.

SOC 2 Type 2 Audit

We are getting ready for the re-certification of our SOC 2 Type 2. The audit will take place on December 1st and requires two months of preparation; we aim to be certified by January 2022.