- Conduct Readiness assessment
- Review existing information security programs and systems
- Determine the scope of the ISMS
- Identify applicable laws and regulations
- Systematically examine your organization’s information security risks, threats and vulnerabilities
- Define information security policy and objectives
- Create an applicability statement
- Develop a risk assessment and risk treatment methodology
- Conduct Risk assessment, including treatment plan
- Design and develop coherent information security controls and strategies
- Provide Information Security awareness training
- Optimize and improve information security management
- Anchor MR function (Management Representative)
- Implement new programs such as internal audits and management reviews; simplify the process for measuring and reporting; define KPIs and an information security scorecard
- Provide advisory services
- Liaison with External auditors (surveillance & renewals)
- Conduct Internal Audits
- Provide Corrective and preventive actions (CAPA)
- Gap analysis to assess the AS-IS vs. TO-BE status for compliance with ISO 9001:2015
- Determine the scope of the QMS
- Identify applicable statutory and regulatory requirements
- Apply Risk Based Thinking, identify risks and opportunities, and develop risk treatment methodology
- Define Quality Policy and objectives
- Design and develop appropriate documented information as per the requirements of the organization and the standard
- Provide QMS awareness training
- Process Improvement Programs
- Anchor MR function (Management Representative)
- Provide Internal Audit services
- Provide advisory services for Root Cause Analysis and Corrective Actions
- Liaison with External auditors (surveillance & renewals)
- GAP Assessment
- Risk Assessment
- Risk Register along with Risk Treatment Plan
- Compliance validation
- Internal Audit
- Documentation; Develop Policy & Process
- Advisory & Consultation; Technology Implementation Support
- Readiness Assessment (determine the current state against the ADHICS standard)
- Cyber Risk Assessment
- Compliance Roadmap
- Develop Policy & Process, forms, templates, and related documents
- Advisory & Consultation
- Technology Implementation Support
- Risk mitigation support
- Internal Audit
- Continuous Compliance
- Principles relating to personal data processing
- Scope determination and application to your company
- Categories of Personal Data
- Rights of data subjects
- Obligations of Controllers and Processors
- Data Protection by Design
- Reporting Security Breaches
- Information Security standards
- Data transfer outside of the EU
- Consulting service for compliance with HIPAA
- First Party and Second Party Audits
- Readiness Assessment
- Design and implementation of a data privacy framework
ISO/IEC 27001 Certification
Overview
ISO/IEC 27001 is the international standard that defines best practices for implementing and managing information security controls within an information security management system (ISMS).
A leading international standard, ISO 27001 certification is one of the most relevant in the field of cyber security. Applicable to any company regardless of size and industry, the standard provides important guidelines for the planning, implementation, control and optimization of information security.
ISO 27001 certification has two stages and includes an annual renewal:
Stage 1
Evaluates whether the right documentation and controls are in place in order to progress to Stage 2.
Stage 2
Evaluates the evidence that proves your controls and ISMS are effective and meet the ISO 27001 requirements. Passing Stage 2 results in ISO 27001 certification.
Our offerings
All our consultants, auditors and trainers hold relevant qualifications within their own areas of expertise, and their credentials are supported by several years of experience in the implementation, auditing, and training of Information Security Management Systems. To enable you to achieve ISO/IEC 27001 certification, contact our experts today.
ISO 9001 Certification
Overview
The ISO 9000 family of standards, the first ever Management System Standard, addresses various aspects of quality management and is the most popular standard from ISO. If your organization is pursuing ways to improve the quality of its products and services to consistently meet customers’ expectations, ISO 9001 is your next step. ISO 9001 sets out the criteria for a Quality Management System. It can be used by any organization, small or large, regardless of its area of operations.
This standard is based on seven quality management principles: Customer focus, Leadership, Engagement of people, Process approach, Improvement, Evidence-based decision making, and Relationship management. Implementing and practising a Quality Management System raises the maturity level of the organization from people-dependent activities to a process-driven, system-dependent operation, which strengthens customer confidence in your ability to deliver pre-defined outputs.
A Quality Management System serves as an internal strength and a pivot from which improvement initiatives can stem.
ISO 9001 has a two-stage assessment for certification:
A Stage 1 Audit is usually conducted onsite over 1-2 days. When an organization has more than one location, the audit may take place at its head office. The Stage 1 audit determines whether the organization is ready for the Stage 2 Certification Audit. The review covers documented information, the organization’s site-specific conditions, and the awareness of personnel. The auditor will also review the scope, key processes, infrastructure, and level of control. Evidence that a system has been established, and the adequacy of that system, is assessed.
The Stage 2 Audit is conducted 1-2 months after Stage 1 to confirm that a company’s QMS is fully compliant with ISO 9001:2015. The certification body analyzes each process within the organization for compliance with ISO 9001, including customer, legal and organizational requirements. The duration of Stage 2 is determined by the size of the organization, the number of sites, and the complexity of its processes. If the certification body does not discover any serious nonconformances, the organization’s management system(s) will be certified.
Our offerings
Consulting Service:
Our range of services covers the entire spectrum of ISO 9001:2015 requirements, including QMS certification.
- End-to-end support until certification
- Post-certification continuous compliance
NESA Compliance
The National Electronic Security Authority (NESA) UAE Information Assurance standards set out requirements for implementing information security controls to protect information assets and supporting systems across all entities in the UAE. By complying with the UAE IA standards, organizations can ensure the protection of their information assets. The standard is developed on the basis of industry standards such as ISO 27001, NIST and ISO 27032.
Our offerings:
Our experienced consultants can help your organization to define, implement and maintain NESA Compliance controls.
ADHICS Compliance
Our Offerings:
- Assessment
- Documentation
- Advisory & Consultation
- Compliance
GDPR Compliance
Overview
The General Data Protection Regulation (the “GDPR”) is a European data protection and privacy law adopted April 14, 2016, which became officially enforceable beginning on May 25, 2018.
The General Data Protection Regulation is a regulatory standard set to protect the data privacy rights of individuals in the European Union. It is a legal framework for businesses that collect and process the personal information of EU citizens. Under GDPR compliance, organizations need to ensure that personal data is collected legally as per GDPR requirements and is further protected from misuse and exploitation. Moreover, it requires businesses that collect, process, and transmit personal data to respect the rights of data owners or face penalties for non-compliance. Non-compliant organizations face significant penalties of up to 4% of annual turnover or 20 million euros, whichever is greater.
Our Offerings:
Our GDPR Compliance methodology addresses the following key aspects of the regulation.
HIPAA Compliance
Overview
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires medical practitioners and other healthcare providers who conduct electronic transactions to adopt the security measures necessary to safeguard protected health information (PHI) in electronic form. The Rule is designed to safeguard the confidentiality and integrity of data while it is processed in your information systems and to make it available to appropriate individuals.
We help our clients set up the three safeguards by applying the addressable specifications to their practices in a reasonable way:
Administrative Safeguards: These safeguards address operations and include assigning responsibility for security to a named person and having policies and procedures in place to direct security efforts.
Physical Safeguards: These safeguards address physical and facility-related matters – locks and keys, siting of computers, disposal of electronic media, and generally how the environment is made safe.
Technical Safeguards: These safeguards focus on controlling access to systems and electronic PHI: access control to information systems and specific functions, auditing who used the systems, and protecting the systems from malicious software.
Our Offerings:
Business Continuity Management
Overview
Business Continuity Management can help organizations protect their reputation and increase their resilience in the face of adverse circumstances, whether internal or external. Business Continuity Management can help to protect the brand from a variety of risks, including cyber risks, deliver to customers as promised, and reduce downtime and the cost of recovery in the event of an incident.
UAE’s PDPL (Personal Data Protection Law)
Overview
The United Arab Emirates ('UAE') published Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data ('the PDPL'), with an effective date of 2 January 2022. The PDPL will be enforceable six months after the associated executive regulations ('the Executive Regulations') are issued.
The Personal Data Protection Law (PDPL) aims to protect the rights of individuals (data subjects or users) concerning their personal data, while also ensuring compliance with the principles of effective and responsible data protection.
The overall objective of the PDPL is to ensure that all entities process personal data in accordance with the principles set out in the PDPL. This includes ensuring that there is a legal basis for processing personal data, and that personal data of UAE residents is processed fairly, lawfully, transparently, and securely, whether it is being collected, used, stored, shared, transferred, or updated. In addition, safeguards should be put in place to protect personal data from loss, damage, or destruction.