Black Cell Compliance

Black Cell Compliance offers its various services in the following service areas:

  • Risk Management
  • Control Maturity and Audit Readiness
  • Outsourced Services such as Information Security Officer and Data Protection Officer
  • Critical Infrastructure Assurance

Services

Risk management

Our risk management services include:

  • Internal and external risk assessment
  • Risk management
  • Risk treatment planning

Who do we recommend risk management for?

  • Organizations subject to Ibtv.
  • Financial institutions
  • Any security-conscious organization and business

Control maturity assessment

As part of the control maturity assessment, Black Cell Compliance:

  • Conducts an audit against the desired control framework
  • Identifies non-conformities, risks and opportunities
  • Develops and supports implementation of corrective measures
  • Establishes action plans and corrective measures

Who do we recommend control maturity assessment for?

  • Financial institutions
  • Any security-conscious organization and business
  • Organisations aiming to obtain ISO 27001 certification

Methodologies and requirements forming the basis of control maturity assessment

  • ISO/IEC 27001:2013
  • NIST SP 800-53
  • NIST Cybersecurity Framework (CSF)

Audit readiness

As part of its audit readiness services, Black Cell Compliance prepares its clients for certification or renewal audits.

The development of an ISO-based management system begins with audit preparation activities, consisting of the following phases:

  • Control maturity assessment
  • Process optimization, documentation, and control deployment
  • Management system operations (internal audit, risk management)

Critical Infrastructure Audit Assurance

Prior to designation:

  • Conducting an identification assessment and preparing an identification report

After designation:

  • Appointment of a security officer
  • Creation of an operator security plan, based on a risk assessment, for the authority

Black Cell Compliance assures the enforcement of the above-described tasks with a high level of professionalism.

Privacy Readiness

With the General Data Protection Regulation (GDPR), businesses controlling personal data face a myriad of tasks. The Black Cell Compliance team has outstanding expertise in data protection and carries out the following tasks:

  • Personal data discovery
  • Process optimization
  • Security controls implementation
  • Documentation

Outsourced services

Data Protection Officer

Black Cell Compliance provides an outsourced data protection officer (DPO) to meet the requirements of the General Data Protection Regulation (GDPR), with the focus on the following categories:

  • Public authorities
  • Medical service providers
  • Data controllers whose main activities consist of regular and systematic large-scale monitoring of data subjects
  • Data controllers whose main activities involve extensive processing of special categories of personal data or criminal data

In accordance with the provisions of the GDPR the DPO’s main tasks are:

  • To inform and advise the controller
  • To monitor compliance with the GDPR
  • To provide advice as regards the data protection impact assessment
  • To cooperate with the supervisory authority and to act as the contact point for the supervisory authority on issues relating to processing

Black Cell Compliance offers all these tasks on a fully outsourced basis.

Information Security Awareness

More than 90% of infiltrations by malware, harmful code or ransomware are caused by unaware users. Junk mail and malicious attachments carry the potential for an incident that could hinder operations for extended periods of time. The occurrence of information security incidents can be significantly reduced by ensuring information security awareness at all levels of the organisation.

As part of information security awareness, we provide information security awareness training, with the following focus areas:

  • Information security legislation, standards, internal regulations
  • Information security threats, risks and risk-averse behaviour
  • Business continuity training
  • Incident management training

We provide specialised training sessions to raise awareness on specific topics or issues such as ransomware, crypto and cloud services.

We recommend information security awareness services for:

  • Organisations maintaining an information security management system
  • Organisations subject to the GDPR
  • Financial institutions
  • Critical infrastructures

Information Security Management System (ISMS) implementation

An information security management system (ISMS) implemented in accordance with ISO/IEC 27001:2013 and ADHICS represents an established and constantly fine-tuned information security maturity.

As part of our services, we implement the ISMS with the following key steps:

  • Control maturity assessment
  • Process optimization
  • Security controls implementation
  • Documentation
  • Risk management
  • Internal audit and non-conformity management

As part of the project we ensure successful certification audit and subsequent renewal audits.

Business Continuity Management

It is vital to be prepared for events disrupting business processes to enable quick response and recovery. Black Cell Compliance’s Business Continuity Management services consist of:

  • Business impact analysis
  • Business Continuity Planning
  • Disaster Recovery Planning
  • Training and testing
  • Continuous improvement
  • Pandemic preparedness
Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS)

ADHICS stands as a strategic endeavor rooted in the national directive and mission to safeguard healthcare information at its very core. This standard plays a crucial role in upholding the confidentiality and reliability of the healthcare industry, while also bolstering public confidence to its highest level. ADHICS encompasses a wide array of components related to healthcare organizations, including:

  • Ensuring the security of human resources.
  • Safeguarding physical and environmental aspects.
  • Efficiently managing assets.
  • Overseeing operational processes.
  • Regulating access and communication control.
  • Protecting data integrity.
  • Managing data sovereignty and retention.
  • Ensuring third-party security.
  • Handling incidents related to information security.
  • Ensuring continuity of information security management.
  • Managing information systems effectively.

An important facet of the ADHICS standards is the prohibition of healthcare entities from utilizing cloud services or infrastructure to store, process, or share healthcare data. This restriction is in place to mitigate the inherent risks associated with cloud technology. Moreover, it mandates healthcare entities to sever any integration with systems that rely on cloud services. The standard also strictly forbids the sharing of health information with third parties, including partners or counterparts, unless authorized by the Department of Health (DoH).