Our Group is offering consultancy and implementation services for:
- Information Security
- Business Continuity
- Data Privacy and GDPR compliance
- PCI DSS compliance
- Operational Risk management
- IT governance
- Regulatory compliance and standardization:
  - BS 25999, ISO 27001, ISO 22301, PCI DSS / PA DSS, ISO 20000, ISO 29100, ITIL, COBIT
  - GDPR, EU and national regulations
- Cloud assessment and certification services
- CISO, DPO externalization
- IT auditing
- Education and awareness trainings
- Tender preparation, pre-sales and sales support services
- Project preparation and management services
- Solution design and specification services
- Implementation services
- Testing services
- Support services
1. INFORMATION SECURITY
An Information Security Management System (ISMS) ensures the confidentiality, integrity and availability of information. An ISMS follows the PDCA model (Plan, Do, Check, Act), provides a structured approach to information risk management and increases the consistency and continuity of business processes. The ISO/IEC 27000 family of standards covers all aspects of information security; the most notable is ISO/IEC 27001:2013, which defines the requirements for implementing an ISMS.
Services we offer:
- Defining and implementing ISMS policies.
- Identification and assessment of data and information
- Risk assessment and management
- Implementing security measures
- Defining the Statement of Applicability (SoA)
- Defining all needed procedures and documentation required by ISO 27001
- IT and ISMS auditing
- Security awareness and training
- Project management
2. BUSINESS CONTINUITY
A Business Continuity Management System (BCMS) is designed to ensure that companies can plan for and respond to disruptions of critical processes and minimize their negative impact, protecting stakeholders' interests, brand, reputation and value-adding activities. We implement BCMS according to the requirements of ISO 22301 and of BS 25999, the British standard that ISO 22301 superseded. This also supports compliance with regulations that are particularly significant in the financial sector, typically issued by national banks or supervisory agencies.
Services we offer:
- Defining BCMS documentation
- Risk management and assessment
- Business Impact Analysis (BIA)
- Defining recovery plans for processes and IT services
- Recovery plans testing
- Education and awareness training
- BCMS maturity level assessment
3. DATA PRIVACY AND GDPR COMPLIANCE
The General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) is the EU regulation that strengthens and unifies data protection for all individuals within the European Union and also governs the export of personal data outside the EU. Its primary aims are to give citizens and residents control over their personal data and to simplify the regulatory environment for international business by harmonizing the rules across the EU. The GDPR has applied since 25 May 2018, when it replaced the 1995 Data Protection Directive (Directive 95/46/EC). Fines of up to 20 million EUR or 4% of total worldwide annual turnover, whichever is higher, are only one of the novelties that motivate companies to achieve and maintain compliance with the Regulation. Verso Altima consultants have extensive expertise in data privacy and information security and use that experience to help our Clients with GDPR compliance projects.
Verso Altima Group offers:
- PII data maturity assessment
- Detailed GDPR gap analysis, risk assessment (per product/technology and process) and remediation plan development
- PII management improvement program – program design, implementation, privacy by design tools consultancy support, continuous support
- Training of the DPO and awareness training for other employees on the importance of PII
- Implementing or updating organizational and technical measures for secure data processing, in line with relevant international standards
- Data Privacy outsourcing services
4. PCI DSS COMPLIANCE
The Payment Card Industry Data Security Standard (PCI DSS) is developed by the PCI Security Standards Council (PCI SSC), founded by the major card brands, to protect cardholder data. PCI DSS obliges all entities that store, process or transmit cardholder data (merchants, banks and service providers) to protect it. Depending on their transaction volume, these entities validate compliance through an assessment by a Qualified Security Assessor (QSA) or a self-assessment questionnaire, together with quarterly external vulnerability scans by an Approved Scanning Vendor (ASV), in order to retain the right to process card payments. The card brands delegate enforcement to acquiring banks and service providers, who must ensure their own compliance and that of the merchants they serve. Lists of validated service providers are published by the card brands (for example, Visa's Global Registry of Service Providers) so that clients can verify a provider's compliance status. Non-compliance entails financial penalties and, ultimately, exclusion from the card payment business. The goals of PCI DSS are:
- To promote, protect and increase security of cardholder data.
- To prevent and minimize losses due to card security incidents
- To protect the card scheme brands, and those of their clients and partners (banks, processors, service providers)
- To increase level of information security
5. OPERATIONAL RISK MANAGEMENT
IT risk management strongly influences the quality and success of projects, which in turn is an important factor in a company's market position, and it requires clear, measurable and repeatable risk management processes. The risk management process includes planning, organizing, leading and managing resources in order to keep risk levels within the company's risk appetite.
Services we offer:
- Defining the scope of the risk assessment, gathering information on the history of past incidents, and defining risk thresholds and tolerance levels
- Defining risk methodologies and processes
- Identification and evaluation of information assets
- Identification of threats and vulnerabilities
- Risk assessment
- Risk mitigation
- Assessment of outsourcing risks
- Implementing process and systems for continuous improvement of risk management process
6. IT GOVERNANCE
Traditionally, when implementing IT systems, companies let a particular application or system, or the preferences of IT experts, dictate how things were done, and then tried to adapt business requirements to the capabilities of the applications. Such an approach is not business-driven and is often not aligned with company strategy, especially under today's conditions. Successful companies therefore adopt best practices and standards in IT management to achieve key business advantages. Standards such as ITIL, COBIT and ISO 20000 define sets of processes for efficient IT management. During implementation, however, appropriate expertise is needed to tailor these processes to the individual organization, so that the implementation actually delivers a business benefit.
IT governance is achieved by:
- Defining a framework for the continual improvement of IT services
- Increasing the company's reputation and how it is perceived by its environment and users
- Reducing IT risk
- Creating the preconditions for optimal IT investment
7. COMPLIANCE TO REGULATIONS AND STANDARDS
Due to globalization, regulatory requirements (e.g. GDPR, Basel II / III, Solvency II) arise continuously. They are implemented in specific sectors through national regulations or directives, or through the adoption of processes prescribed by international standards, which also serves as a means of achieving competitive advantage.
Services we offer:
- Consulting, IT audit and CISO outsourcing
- Implementation of processes, i.e. alignment with information security and IT management standards such as:
  - PCI DSS (Payment Card Industry Data Security Standard) – the card data security standard
  - PA DSS (Payment Application Data Security Standard) – a security standard for payment applications
  - BS 25999 / ISO 22301 – standards for business continuity management
  - ISO 27001 – information security management system standard
  - ISO 29100 – privacy framework standard
  - ISO 20000 – IT service management standard
  - ITIL – a set of best practices for managing IT services
  - COBIT – a framework of best practices for the governance and management of enterprise IT
Regulatory and standards compliance achieves:
- Avoiding penalties and sanctions for non-compliance
- Adopting best practices
- Optimizing business processes
- Increasing company reputation and brand value
8. CLOUD PROVIDER SERVICES ASSESSMENT AND CERTIFICATION
It is a real challenge to choose the cloud service provider that best fits your needs from the vast offer on the market. Cloud services are often delivered in an extremely complex constellation that bears no relation to the location of users and providers. For example, to preserve data sovereignty it is necessary to determine whether a software service provider in the buyer's country uses resources (such as processing and storage capacity) abroad, which would make them subject to specific fiscal and data protection requirements. The EuroCloud Star Audit scheme evaluates cloud services against a well-defined and transparent catalog of criteria, and the result of the audit shows the maturity and compliance level of the cloud service. The certification procedure is based on best practices and answers the core questions a manager is likely to ask when searching for a suitable cloud service provider. Unlike a pure security or data protection audit, it covers the full range of cloud service functions and confirms compliance with the requirements in clearly understandable language and terms.
Services we provide:
As an authorized partner of the EuroCloud Star Audit organization and certification scheme, which is designed specifically for evaluating cloud services, we offer assessment of the maturity of our Clients' cloud services and their certification.
9. CISO EXTERNALIZATION
Whether driven by regulatory requirements or by the needs of information security and business continuity management, companies need a CISO (Chief Information Security Officer) role that is responsible for managing, coordinating and supervising information security. Companies can often outsource the CISO role to manage the cost of the position and to ensure that it is carried out by a qualified person or partner company with the necessary knowledge and extensive experience in managing information system security.
Typical activities we provide through CISO outsourcing:
- Running all aspects of the information security management system
- Creating / enhancing information security documentation
- Risk assessment
- Implementation of security measures
- Reporting to the board on the ISMS
- Delivering security awareness and training
- Monitoring and coordination of information security related activities
- Aligning security objectives with the information security strategy
- Security incident management
- Collaboration with internal (audit, IT) and external parties (auditors)
10. IT AUDITING
Regulatory requirements (e.g. from the EU, national legislators, national banks and supervisory agencies) call for regular internal audits of the information system. The audit is carried out according to those regulatory requirements and to the relevant international standards for information security and IT management. The audit may use tools for statistical data analysis or CAATs (Computer Assisted Audit Techniques), and covers the adequacy of existing documentation and of its implementation, analysis of infrastructure and operations, patch management, system upgrades, change management and incident management, business continuity management, IT risk management, administration of applications and databases, and so on.
After the audit, we deliver a report of findings, recommendations for remedial measures, and a prioritized plan for implementing them.
11. EDUCATION AND AWARENESS TRAINING
At Verso Altima Group, we offer education in the following areas of expertise:
- Implementation of information security management system,
- Implementation of a business continuity management system,
- IT process management and COBIT,
- PCI DSS / PA DSS Compliance,
- GDPR and Data Privacy,
- Security awareness programs.
12. TENDER PREPARATION, PRE-SALES AND SALES SUPPORT SERVICES
Assistance in composing business, functional and non-functional requirements within the functional areas of our expertise, and technical pre-sales and sales services for preparing offers for the solutions and products our Group covers.
13. PROJECT PREPARATION AND MANAGEMENT SERVICES
Results-oriented project management services based on PMI methodology, using waterfall, agile or hybrid approaches, for companies looking to improve project performance. We bring clients the expertise and tools needed to create, execute and finish value-driven projects.
14. SOLUTION DESIGN AND SPECIFICATION SERVICES
Requirements analysis, fit-gap analysis against the targeted technical solution, consolidation and clarification of the requirements with the client, and production of high-level and low-level design documents, development specifications and functional blueprint documentation.
15. IMPLEMENTATION SERVICES
Installation of software, operating systems, database systems and clustering software; setup and configuration; customization, development and integration of software solutions based on the design and specifications.
16. TESTING SERVICES
Covering all aspects of software testing: build-time and unit testing, system tests, interoperability and integration testing, automated frontend tests, and end-to-end solution testing.
Determination of the appropriate migration and rollout strategies, planning, implementation and execution of migration and rollout activities.
17. SUPPORT SERVICES
Post go-live services, operation support services and proactive and reactive maintenance support services.