As per the provisions of the GDPR, in particular article 32 in respect to the security of processing, the organisations should adopt a risk-based approach and implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

These measures should ensure the ongoing confidentiality, integrity, availability andresilience of processing systems and services.

Risk Analysis

MGSI can conduct an information security risk analysis to help your organisation, the c-suite, members of the board and other senior management to assess and take a proactive posture in information security.

In addition, we can review your organisation’s IT environment to assess the current level of information security governance and management and identify opportunities for improving your organisation’s information security capabilities. 

The information security risk analysis /assessment takes into consideration the financial, operational, legal, and reputational impact as well as the impact of the privacy of data subjects whose personal data are processed within your systems and services.

We can assess the ability of the existing measures to protect the personal information transferred within your organisation’s infrastructure, network, applications, databases as well as the personal information stored allover the data centres and backups.

The objective is to evaluate the capabilities of such measures to protect the confidentiality, integrity, and availability as well as the business resilience of processing systems and services.

Our work helps your organisation understand the level of compliance against the provisions of the GDPR in respect to the security of processing of personal information as well as mitigate the risks and identify potential security gaps that could prove a liability.

Implementation

MGSI can help your organisation develop and implement technical and organisational measures according to best practices as ISO/ IEC  27002

To do so, we can accompany your organisation to implement an Information Security Management System (ISMS) that is a part of an overall management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security.

The ISMS ensure a holistic approach to managing information security – confidentiality, integrity, and availability of information including personal data.

To lead such implementation, MGSI can act as an Information Security Officer for your organisation when you might not have the available resource, budget and would prefer to outsource this function to guarantee expertise and availability.

This role is to help your organisation manage the implementation of the management system and ensure the effectiveness of the proposed technical and organisational measures within your organisation.