Information technology compliance and security
We help your company identify and assess IT security risks and develop a control environment which complies with South African legislation as well as with international standards. Risk X assists your company in forming a clear and true picture of the value-creating potential, weaknesses and future challenges related to your organisation’s information technology. Our services prepare your organisation for the early detection and standard-compliant management of risks which arise during its business operations. As independent auditors we can verify the adequate operation of your organisation’s IT systems for supervisory authorities.
Our Audit and Advisory Service Offering
GENERAL DATA PROTECTION REGULATION
If you work with data from UK citizens, you should already be compliant with the UK Data Protection Act. However, from May 2018 the new General Data Protection Regulation will be brought in by the EU. Most companies are not prepared for the effects that this will have on their business. Our team specialises in all aspects of the requirements from discovery of data locations, to a Privacy Information Management System (PIMS) framework, to the security of the systems that this information is housed on. We use recognised standards and techniques with basis in management consulting, advisory, assurance and forensics services.
PCI DSS QUALIFIED ASSESSOR
PCI can be expensive for any organisation, but the larger you are and the more geographically spread the worse the problem becomes. Our advisory consultants work on payments consulting first, and then reduce the scope of environment to the smallest possible footprint whilst still allowing you to trade. In this manner you may be able to get the solutions to pay for themselves, increasing your security, reducing breach risk and ensuring your future as an organisation. As a PCI QSA company we offer both advisory and audit services in this area.
OUTSOURCED DATA PROTECTION OFFFICER
The General Data Protection Regulation and the Data Protection Act 2018 has ramped up the standards for handling personal data. This has made Data Protection Officers (DPO) compulsory for many industry verticals. You may be one of them. Or if you aren’t, you still might want the kind of support that a DPO can provide or just extra support for your data protection lead. Risk-X can provide you with the assurance and backup that you require on an ad-hoc or scheduled basis with one of our Outsourced Data Protection Officers.
ISO27001:2013
ISO27001:2013 ISO 27001 is the foundation/cornerstone of information security used for commercial and government solutions and engagements. This is a pre-requisite for many companies as it demonstrates commitment to data security. Risk-X has developed methodologies over many engagements that assist with governance, policy and the technical controls required. These are streamlined to ensure speed and agility while allowing demonstrable security, in order to pass certification if required.
OUTSOURCED CISO
OUTSOURCED CISO Chief Information Security Officers (CISO) provide an essential function in an organisation as the the source of security expertise. CISO assist and provide quidance with integration of security within business processes. Establishing and retaining the necessary in-depth knowledge can be difficult and expensive for an organisation. Risk-X can provide you with the assurance and backup that you require on an ad-hoc or scheduled basis with one of our Outsourced CISOs.
PCI P2PE QUALIFIED ASSESSOR
Risk X is an experienced advisor, and PC SSC qualified assessor of PCI Point-to-Point Encryption (P2PE) Solutions and P2PE Components. Though secure encryption, these solutions significantly reduce merchants’ PCI DSS validation efforts, while providing robust protection of cardholder data from its encryption at the POI device until its decryption at the Decryption Environment.
