IT Services

IT Audit

Every organization, large or small, needs to sufficiently understand and control its IT risks. These risks may relate to information security and data privacy, but also to IT governance, risk management or project management. If IT risks are not adequately managed, they can have a negative impact on your organization’s profitability and reputation.

Our IT audit team can provide reasonable assurance on the efficiency, effectiveness and security of information systems. We can support your IT department or Internal Audit function by performing full audit assignments or by insourcing specific profiles with the necessary expertise.

How can we help you?

Our audit team has the necessary expertise and experience to evaluate, among others, the following audit domains:

  • Cybersecurity
  • Information security
  • Compliance (GDPR, NIS…)
  • Business Continuity Management & Disaster Recovery Planning
  • IT Governance
  • IT Risk Management
  • Portfolio and Project Management
  • IT Service Management
  • ERP & Financial Systems
  • Cloud Security

 

Cybersecurity

Any business can fall victim to cybercrime, regardless of its size or sector. But how can you, as an enterprise, best protect yourself against diverse and rapidly changing cyber risks?

  • Do you have a full understanding of the cyber security risks to your business and are they adequately met by current security measures?
  • What are the most important, unacceptable, security risks to your enterprise?
  • What concrete security measures does your enterprise need to implement and, taking into account your priorities, objectives and budget, what is the best way to do so?
  • Are you sufficiently prepared to cope with a cyber attack, should you become a victim sooner or later?

 

How can we help you?

Our experts can support you with, among other things:

  • Network vulnerability assessments
  • Web application vulnerability assessments
  • Penetration testing (ethical hacking)
  • Cybersecurity trainings
  • Set-up and evaluation of policies and procedures (e.g. cyber incident response procedure, cybersecurity policy, …)
  • The establishment of an information security framework within your organization.

 

Data security (GDPR) & DPO

Digitalization of our business processes leads to a sharp increase in available data. At the same time, organizations are confronted with data breaches and cyber attacks as well as increasing demands and expectations from legislators (GDPR). If insufficiently controlled, these risks can have a negative impact on the profitability and reputation of the organization.

Data privacy is not exclusively a legal matter. It must be addressed organization-wide, with the necessary attention not only to the security of your business-critical data (and thus personal data), but also to the procedures surrounding the processing of these data and to the awareness, knowledge and expertise of your employees.

Some organizations need or want to call upon a Data Protection Officer (DPO).

How can we help you?

Our teams consist of experts in IT security and Data Privacy. We can support you with:

  • GDPR Audit: a ‘baseline measurement’ in which the current situation is mapped and the extent to which you are (not) compliant with GDPR legislation is evaluated. Based on the audit, concrete recommendations are formulated to close the ‘compliance gaps’.
  • Data Protection Officer (DPO): fully outsourced or in support of the internal DPO.
  • Data Protection Impact Assessment (DPIA): we advise you whether or not a DPIA is recommended and support you in its implementation.
  • GDPR implementation: we support you in drawing up a roadmap with actions and projects to be compliant with GDPR. We can also support you in implementing the control measures (organizational, IT-technical, legal).

 

ISO 27001 – Information Security

By setting up an Information Security Management System (ISMS), an enterprise can adopt a systematic and risk-based approach to securing its information, one that takes into account the roles and responsibilities within the organization, its processes and the supporting IT systems. Such an approach addresses information security risks and is a viable option for any organization, large or small.

How can we help you?

With our expertise in information security and risk management, we help you with:

  • setting up an information security system within your company;
  • preparing and guiding your company to obtain the ISO27001 certificate;
  • evaluating your information security system and formulating concrete recommendations to increase its maturity.

 

SOC Reporting – ISAE3402/ISAE3000

Many organizations outsource one or more of their activities to service organizations that have the necessary resources and expertise. This often concerns activities that are not part of the core business of the organization and/or where security and continuity are of crucial importance.

If your company acts as a service organization, there is a chance that your customers will ask questions about the way your internal processes are organized. Your customers remain ultimately responsible and would like to obtain sufficient certainty about the necessary confidentiality, integrity and availability of your services.

A System & Organization Controls (SOC) Report (e.g. ISAE3402, ISAE3000) is an efficient way for you as a service organization to communicate to stakeholders, such as your customers, the necessary assurance on how risks are managed.

How can we help you?

Our experts can support you with, among others:

  • ISAE 3402 reporting
  • ISAE 3000 reporting

A SOC report offers you, among others:

  • A competitive advantage;
  • Cost savings through integrated reporting;
  • Assurance with respect to the design and effectiveness of control measures;
  • Assurance of compliance requirements

 

Data Analytics – Process Mining

Your digitized organizational processes do not always run as planned or expected. This can for example cause the throughput time of your process to increase (efficiency) or the necessary controls to not be carried out or to be circumvented (effectiveness).

Process mining allows you to analyze the available data and provides new insights into the efficiency and effectiveness of your processes with just a few clicks of the mouse. In this way, processes can be better controlled and continuously improved.

How can we help you?

Starting from your question, problem and context, we support you in:

  • Identifying and extracting the relevant data from the IT systems.
  • Cleaning up and transforming the data.
  • Loading the data into a process mining tool. The tool automatically analyzes the process data and allows you to quickly get an overview of the actual course of your process, the deviations from the expected or desired process, and the possible bottlenecks and inefficiencies that occur.

 

Your expert

Gorik Van den Bergh
