contact@scnsoft.com en flag +1 214 306 68 37
en flag +1 214 306 68 37
Contact us
ISO 27001 Pre-Audit for an International Financial Technology Company

ISO 27001 Pre-Audit for an International Financial Technology Company

Industry
BFSI, Investment, Payments

Customer

The Customer is an international B2C fintech company with offices in the US and Europe.

Challenge

To enable financial transactions for their clients, the Customer needed to comply with SOX, CCPA, GLBA, and other laws and regulations. To ensure the level of information security required by the regulations, the Customer needed to obtain the ISO 27001 certificate and wanted to check the readiness of their information security management system for the ISO 27001 compliance audit.

Solution

ScienceSoft’s team of 2 certified IT security consultants performed the gap analysis of the Customer’s information security management system in accordance with ISO 19011, an international standard for audits of management systems. They used ScienceSoft’s proprietary checklist built according to the requirements of Annex A controls of ISO 27001. The gap analysis took around 2 weeks. The analysis included:

  • Interviewing the Customer’s senior management, as well as heads and employees of the Information Security Department, Legal Department, Software Development Department, and ICT Department to verify the Customer’s inner processes related to information security.
  • Analyzing the Customer’s information security documentation needed for ISO 27001 compliance, including:
  • Information security policy.
  • Data protection policy.
  • Access control policy.
  • Information security incident management policy.
  • Information security risk management policy.
  • Physical security policy, etc.

ScienceSoft’s IT security consultants revealed the following gaps in the Customer’s information security documentation:

  • Lack of documented policies needed for ISO 27001 compliance.
  • Omissions of policy statements required for ISO 27001 compliance in the Customer’s existing documents.

ScienceSoft recommended the following remediation actions to the Customer:

  • Eliminate omissions in the existing policies.
  • Establish the missing information security processes required by ISO 27001 and develop policies for them.

At the finishing stage of the project, ScienceSoft conducted an online presentation to walk the Customer through the gap analysis results and answer their questions.

Results

The Customer received a gap analysis report similar to the ISO 27001 compliance audit report, containing discovered inconsistencies in their information security documentation and detailed practical recommendations on the remediation actions.

The report helped the Customer fill the gaps in their information security management system to prepare for the ISO 27001 compliance audit. Our IT security experts provided consulting support to the Customer during the gap remediation process.

Methodologies

Q&A sessions, analysis of documents.

Have a question to our team or need help with your project?

Our team is ready to provide client references, estimate your project, or answer any other question related to your IT initiative.

Upload file

Drag and drop or to upload your file(s)

?

Max file size 10MB, up to 5 files and 20MB total

Supported formats:

doc, docx, xls, xlsx, ppt, pptx, pps, ppsx, odp, jpeg, jpg, png, psd, webp, svg, mp3, mp4, webm, odt, ods, pdf, rtf, txt, csv, log

Get in touch instantly

Call us Live chat WhatsApp Email us

More Case Studies

Share:

facebook twitter linkedin