SIFARIS has highly competent consultants who help you to express your needs, to understand what is at stake and to qualify and measure the risks linked to your area of activity.
For example, recent regulations (Bâle II, EUROSOX, AMF (stock market regulators)) have imposed on credit establishments the creation of evaluation tools covering all potential risks. On top of this they are facing the exponential development of asset management and portfolio management. The more sophisticated products become, the more specific tools are required to evaluate and control risks. SIFARIS is particularly competent in the area of information risk management tools and internal controls, which comply with regulatory requirements.
Together we will identify your safety objectives case by case and offer a solution adapted to your workforce.
- Banks: Bâle II, LSF
- ISO 27001/27002/27005
- ISO 20000
- Protection of information policies
- Governance (COBIT)
Taking into consideration the specific IT needs of each area within a company, SIFARIS is able to give you personalised, value-added advice.
- Organisational safety audits
- Risk evaluation of your Information Technology
- Providing awareness, communication and training on information protection for your employees
Compiling an IT safety policy is just one of the stages in the development of such a policy, for which other tasks are necessary:
- The prior analysis of the company’s safety objectives
- Validation of these objectives by Management
- Analysis of the existing status in order to identify measures to be taken
- Compiling the safety policy
- Writing the procedures necessary for the policy to be carried out
- Developing the action plan needed to activate the safety policy
- Creation of safety evaluation follow-up measures
- Chart for the correct use of information resources
- Ensuring awareness of users
SIFARIS is present with its know-how at each stage of the development of the safety policy, adhering scrupulously to the ISO 27001 standard.
SIFARIS is active in these projects and its team members, who will be advising you, are ISO 27001 certified and are experienced in information risks.
Our IS risk analysis and diagnostic services can easily be incorporated into a more wide-reaching project such as the development of a safety policy or an information help/assistance plan.
Our consultants use recognized methods for these analyses such as COBIT, EBIOS, ISO 27001… and can also use a personalised approach adapted to your situation within the framework of an information help/assistance plan.
All large businesses are now aware of their information systems security problems. Most of them rely on one or several members of the team to manage security. The Information Technology Security Manager is by definition the “Mister Security” of the company.
Medium-sized businesses or subsidiaries of groups are aware of the risks but do not always have a dedicated IS Security Manager (too costly). The IT Manager is in charge of security but has little time to devote to system risks due to the day-to-day running of the IT system, and is therefore unable to devote time to, or plan, the correct handling of problems.
To meet these needs, SIFARIS has developed a special “External IT Security Manager” package. This plan offers companies a specialised ISO 27001 Consultant, whose mission is to progressively increase the company’s level of security, while using PDCA (plan, do, check, act) based on the company’s means, constraints and objectives.
The Consultant works with the person carrying out the IT Security Manager function or the IT Manager throughout the year, offering advice and support on specific problems.