Security and Compliance
Security and compliance is where trust begins
System landscapes and business processes are complex, interconnected and have different maturity levels. With the constant threat of cyberattacks and data breaches, protecting valuable system assets and maintaining the trust of customers and stakeholders is today’s top priority. Identifying and mitigating the risks, implementing the right governance model and adhering to security compliance standards are the answer to these challenges.
Igentiq can assist you in securing your software landscape and additionally align your business processes and organisation to meet security requirements or standards.
How we maximize security in your business software
Software security risk maturity
We look for potential security risks within and around your systems and processes. In this risk and maturity assessment, we identify where your technology, processes and people are exposed - and the technical and administrative controls you need to implement in order to reduce the likelihood and consequence of cyberattacks. We check whether suppliers and vendors comply with security requirements. We map the existing business processes to find any risk exposure and identify the gaps relative to the desired processes.
To assess your software security we use well-known principles such as those described in the OWASP Software Assurance Maturity Model and the OWASP application security checklist, and we identify the Common Vulnerabilities and Exposures (CVEs) affecting your software.
Mitigating security risks
Once we have identified potential threats, we work closely with your team to develop customized solutions to mitigate these risks. This may involve implementing security measures, adopting best practices, and ensuring that your organization is prepared to respond effectively to security incidents. We create policies and procedures, implement the necessary supporting tools and clearly define responsibilities and accountabilities for information security.
Governance and compliance
Commitment to rigorous security requires implementing good governance, and achieving compliance with industry-recognized standards is advised.
Igentiq currently provides guidance and support for ISO 27001 and ISAE 3402 (SOC 1 and SOC 2) certifications.
ISO 27001 requires an organisation to have an Information Security Management System (ISMS), which is a prescribed set of security measures. ISAE 3402, however, is focused on demonstrating that the security measures protecting customer (financial) data have been implemented effectively.
ISO 27001 and ISAE 3402 explained:
- ISO 27001 is a globally recognized framework that helps organizations safeguard their sensitive information and manage information security risks.
It outlines a systematic approach for identifying potential security threats, implementing protective measures, and continually monitoring and improving security practices.
By complying with ISO 27001, organizations demonstrate their commitment to maintaining the confidentiality, integrity, and availability of their information assets, which can enhance trust among customers, partners, and stakeholders.
- ISAE 3402 (International Standard on Assurance Engagements 3402) is an international standard for reporting on controls at service organizations. It is used by service providers to demonstrate the effectiveness of their internal controls to their clients and stakeholders, typically in the context of financial reporting.
SOC 1 and SOC 2 (Service Organization Control) are two types of reports that adhere to ISAE 3402.
SOC 1 reports are focused on controls relevant to financial reporting. They are used to assess and report on the internal controls that may impact a client's financial statements.
SOC 2 reports, on the other hand, are broader and cover controls related to security, availability, processing integrity, confidentiality, and privacy. These reports are used to evaluate the security and data protection practices of a service organization.
In summary, ISAE 3402 is the international standard for reporting on controls at service organizations, while SOC 1 and SOC 2 are specific types of reports that follow this standard but focus on different aspects of controls and compliance.