PrivSec are certification and accreditation specialists. We provide a wide range of services to meet our clients' needs. From short consulting engagements to full audits and certifications, we are here to help.
Security and Privacy Design Reviews
Incorporating security and privacy design principles early in the development of a new system or service saves both time and money down the road, reducing the cost of rework and avoiding delays to go-live dates. We can review your design documentation and attend workshops to help align your services with best practice.
While a risk assessment can highlight what risks may be present in your service, an audit helps quantify that risk and highlights areas for improvement. We develop a thorough audit plan before working with you and your third parties to ensure that everyone is well prepared. Our consultants then assess the effectiveness of controls and not just their presence, to ensure you are aware of the real security and privacy posture of the service in question.
Annual Assurance Reviews
An annual operational security review highlights the effectiveness of key security controls for the services you provide. These key controls include but are not limited to logging and alerting, BCP, DR and access management. This can be used to provide assurance to service consumers to show you are appropriately maintaining the security of your solution between certifications.
Security Risk Assessments
We work with you and the organisation to highlight the security risks associated with your products and services. Our approach includes running business context and technical context workshops to ensure we're identifying the key risks that you care about. Our process aligns with AS/NZS ISO 31000:2009 and ISO/IEC 27005:2011 risk management standards.
ISO27001 and PCI DSS Alignment
ISO27001 and PCI DSS can seem like daunting standards to conform to, but are often required depending on the environments you are operating in. Our consultants are experienced in aligning organisations with these standards and assisting in the development of related policies and artifacts to help you meet the standards. Members of our staff have completed ISO27001 lead auditor training, and hold the PCIP qualification.
PrivSec Consulting can assist our clients in uplifting their organisations' security posture to advance their Protective Security Requirements (PSR) maturity.
With more projects being delivered using agile methods, releasing features to production in regular, quick sprints, it is important to ensure appropriate due diligence is applied to these changes. While traditional assurance delivery methods can be used for these releases, PrivSec have been working with our clients to deliver assurance in a fit-for-purpose, incremental manner. Reach out to find out more about how we can integrate within your Program Increment (PI) planning.
Privacy Impact Assessments
From privacy threshold assessments through to detailed privacy impact assessments, we can assist you with analysing and assessing privacy risks for individuals arising from the processing of their data.
Cloud Security Reviews
As the use of cloud services becomes the status quo, it is important that you are aware of the related security and privacy implications of these services. We can highlight the risks of using these services, as well as conduct reviews of your cloud service implementations.
Security Risk Management Plans
Audits often highlight a number of issues requiring remediation, and risks requiring appropriate management. PrivSec can assist you in developing a Security Risk Management Plan (SRMP) that aligns with NZ government expectations, and ensures that you are appropriately managing the security of your service.
Consultancy and Advice
Our team are experts in their fields, and can provide you with bespoke security consultancy and advice as needed. We can assist in the development of security and privacy policies as well as assisting in the development of your security function.
We're here to help you
We can tailor our services to ensure you end up with the outcomes you require. Being a boutique consulting firm allows us to be agile and meet our customers' needs while retaining our core goals of simple, pragmatic security and privacy.