Black Cell Compliance offers services in the following areas:
- Risk Management
- Control Maturity and Audit Readiness
- Outsourced Services such as Information Security Officer and Data Protection Officer
- Critical Infrastructure Assurance
Risk management
Our risk management services include:
- Internal and external risk assessment
- Risk management
- Risk treatment planning
To whom do we recommend risk management?
- Organizations subject to Ibtv.
- Financial institutions
- Any security-conscious organization and business
Control maturity assessment
As part of the control maturity assessment, Black Cell Compliance:
- Conducts an audit against the desired control framework
- Identifies non-conformities, risks and opportunities
- Develops and supports implementation of corrective measures
- Establishes action plans and corrective measures
To whom do we recommend control maturity assessment?
- Financial institutions
- Any security-conscious organization and business
- Organisations aiming to obtain ISO 27001 certification
Methodologies and requirements forming the basis of control maturity assessment
- ISO/IEC 27001:2013
- NIST SP 800-53
- NIST Cybersecurity Framework (CSF)
Audit readiness
As part of its audit readiness services, Black Cell Compliance prepares its clients for certification or renewal audits.
The development of an ISO-based management system begins with audit preparation activities, consisting of the following phases:
- Control maturity assessment
- Process optimization, documentation, and control deployment
- Management system operations (internal audit, risk management)
Critical Infrastructure Audit Assurance
Prior to designation:
- Conducting an identification assessment and preparing an identification report
After designation:
- Appointment of a security officer
- Creation of a risk-assessment-based operator security plan for the authority
Black Cell Compliance ensures that the tasks described above are carried out with a high level of professionalism.
Privacy Readiness
With the General Data Protection Regulation (GDPR), businesses controlling personal data face a myriad of tasks. The Black Cell Compliance team has outstanding expertise in data protection to carry out the following tasks:
- Personal data discovery
- Process optimization
- Security controls implementation
- Documentation
Outsourced services
An information security management system (ISMS) implemented in accordance with ISO/IEC 27001:2013 and ADHICS represents an established and constantly fine-tuned information security maturity.
As part of our services, we implement the ISMS with the following key steps:
- Control maturity assessment
- Process optimization
- Security controls implementation
- Documentation
- Risk management
- Internal audit and non-conformity management
As part of the project, we ensure a successful certification audit and subsequent renewal audits.
Business Continuity Management
It is vital to be prepared for events disrupting business processes to enable quick response and recovery. Black Cell Compliance’s Business Continuity Management services consist of:
- Business impact analysis
- Business Continuity Planning
- Disaster Recovery Planning
- Training and testing
- Continuous improvement
- Pandemic preparedness
Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS)
ADHICS stands as a strategic endeavor rooted in the national directive and mission to safeguard healthcare information at its very core. This standard plays a crucial role in upholding the confidentiality and reliability of the healthcare industry, while also bolstering public confidence to its highest level. ADHICS encompasses a wide array of components related to healthcare organizations, including:
- Ensuring the security of human resources.
- Safeguarding physical and environmental aspects.
- Efficiently managing assets.
- Overseeing operational processes.
- Regulating access and communication control.
- Protecting data integrity.
- Managing data sovereignty and retention.
- Ensuring third-party security.
- Handling incidents related to information security.
- Ensuring continuity of information security management.
- Managing information systems effectively.
An important facet of the ADHICS standards is the prohibition of healthcare entities from utilizing cloud services or infrastructure to store, process, or share healthcare data. This restriction is in place to mitigate the inherent risks associated with cloud technology. Moreover, it mandates healthcare entities to sever any integration with systems that rely on cloud services. The standard also strictly forbids the sharing of health information with third parties, including partners or counterparts, unless authorized by the Department of Health (DoH).