ISO 27001 Pre-Audit for an International Financial Technology Company

Industry
BFSI, Investment, Payments

About Our Client

The Client is an international B2C fintech company with offices in the US and Europe.

Challenge

To enable financial transactions for their clients, our Client needed to comply with CCPA, GLBA, and other laws and regulations. To ensure the level of information security required by the regulations, the Client needed to obtain the ISO 27001 certificate and wanted to check the readiness of their information security management system for the ISO 27001 compliance audit.

Solution

ScienceSoft’s team of certified financial IT security consultants performed a gap analysis of the Client’s information security management system in accordance with ISO 19011, the international standard for auditing management systems. They used ScienceSoft’s proprietary checklist built according to the requirements of the Annex A controls of ISO 27001. The gap analysis took around 2 weeks and included:

  • Interviewing the Client’s senior management, as well as the heads and employees of the Information Security, Legal, Software Development, and ICT Departments, to discover the Client’s internal processes related to information security.
  • Auditing the security management and compliance management tools the Client currently uses.
  • Analyzing the Client’s information security documentation needed for ISO 27001 compliance, including:
      • Information security policy.
      • Data protection policy.
      • Access control policy.
      • Information security incident management policy.
      • Information security risk management policy.
      • Physical security policy, etc.

ScienceSoft’s IT security consultants revealed the following gaps in the Client’s information security documentation:

  • Policies required for ISO 27001 compliance that had not been documented at all.
  • Policy statements required for ISO 27001 compliance that were missing from the Client’s existing documents.

ScienceSoft recommended the following remediation actions to the Client:

  • Add the missing statements to the existing policies.
  • Establish the information security processes required by ISO 27001 that were not yet in place and develop policies for them.

At the final stage of the project, ScienceSoft conducted an online presentation to walk the Client through the gap analysis results and answer their questions.

Results

The Client received a gap analysis report structured like an ISO 27001 compliance audit report, listing the inconsistencies discovered in their information security documentation together with detailed, practical recommendations on remediation actions.

The report helped the Client fill the gaps in their information security management system to prepare for the ISO 27001 compliance audit. Our IT security experts provided consulting support to the Client during the gap remediation process.

Methodologies

Q&A sessions, analysis of documents.
