MULTI-STANDARD SECURITY BREACH INCIDENT MANAGEMENT
- Definition of multi-standard Incident Management procedures (GDPR, ENS, ISO 27001, PSD2, SREP, SWIFT, PCI-COUNCIL, VISA, MASTERCARD).
- Definition of Multi-standard Crisis Committees.
- Definition of Incident Triage and Escalation Procedures.
- Definition of Crisis Management Procedures.
- Definition of Communication Procedures (Regulators, Reference CSIRTs, Security Forces, Press, Social Media, Employees, Customers, Suppliers and other Interested Parties).
- Definition of Exercises and Tests.
- Internal audit of incident management processes.
- Alignment with best practices (ISO 27035, ENISA, NIST).
- Support for continuous improvement.
- Delivered in Project or Technical Office mode, on-site or off-site, with continuous support.
BUSINESS CONTINUITY
- Preparation or updating of BIAs (Business Impact Analyses).
- Risk Assessment focused on consequences for Availability.
- Determination of Continuity Scenarios.
- Definition of Business Continuity Plans.
- Definition of organizational structures (Roles, Committees, Procedures and internal regulations).
- Definition of Crisis Management and Communication procedures (Triage, Escalation, Stakeholders).
- Definition of and support during Continuity Tests.
- Training and Awareness.
- Maintenance of the SGCN (Business Continuity Management System).
- Internal audit.
- Alignment with existing best practices (ISO 22301, ISO 22317, BCI, NIST).
- Alignment with legal, regulatory and contractual requirements (LPIC, NIS Law, sectoral regulations).
- Implementation of a SGCS (Supply Chain Management System).
- Definition of a long-term strategy to guarantee the resilience of the organization.
- Delivered in Project or Technical Office mode, on-site or off-site, with continuous support.
TECHNOLOGICAL CONTINGENCY
- Cross-referencing of the Information Systems Map with the Process Map or the existing BIA.
- Determination of Continuity Requirements for the Systems (MTPD, MBCOs, RTOs, RPOs).
- Measurement of the Current Contingency Capability (RTAs).
- Risk Assessment of the Availability of the Systems.
- Determination of Technological Contingency Scenarios.
- Definition of Technological Contingency Plans (DRPs – Disaster Recovery Plans).
- Definition of Incident Management Procedures and Escalation Criteria to Crisis.
- Definition of and support during Contingency Tests.
- Training and awareness.
- Internal audit.
- Alignment with existing best practices (ISO 27031, NIST, BCI, ENISA).
- Implementation of a SGCS (Supply Chain Management System).
- Definition of a long-term strategy to guarantee the resilience of the organization.
- Delivered in Project or Technical Office mode, on-site or off-site, with continuous support.
SUPPLY CHAIN
- Analysis and understanding of the Supply Chain and the Risk derived from its Disruption.
- Establishment of Continuity Strategies to be applied for each Provider.
- Definition of procedures to guarantee the adoption of measures by the Suppliers.
- Implementation of a SGCS (Supply Chain Management System).
- Definition of a long-term strategy to guarantee the resilience of the organization.
- Delivered in Project or Technical Office mode, on-site or off-site, with continuous support (Assurance).
CRITICAL INFRASTRUCTURES
- Drafting of the Operator Security Plan (OSP) and its periodic updates.
- Drafting of the Specific Protection Plan (SPP) and its periodic updates.
- Definition and integration of Crisis Management structures (Crisis Committee, Triage Procedures, Grading, Communication).
- Delivered in Project or Technical Office mode, on-site or off-site, with continuous support.
NIS DIRECTIVE / NIS LAW
- Scoping and application of the NIS Law to Operators of Essential Services.
- Application of the NIS Law to Digital Service Providers (Online Marketplaces, Search Engines, Cloud Computing Services, Internet Exchange Points, DNS Service Providers).
- Alignment with initiatives within the framework of the LPIC.
- Definition or update of Incident, Crisis and Communication Management procedures.