Governance, Risk & Compliance
We provide a wide range of Governance, Risk and Compliance services in line with industry frameworks, and our risk management practice aligns with the AS/NZS ISO 31000:2009 and ISO/IEC 27005:2011 standards.
Our staff have worked across the commercial and Government sectors and have deep experience with the NZ All-of-Government certification and accreditation processes.
Security Risk Assessments
We work with you and your organisation to highlight the security risks associated with your products and services. Our approach includes running business-context and technical-context workshops (establishing the context is the first step of the ISO 31000 process) to ensure we identify the key risks that you actually care about, rather than a generic list. Our process aligns with the AS/NZS ISO 31000:2009 and ISO/IEC 27005:2011 risk management standards.
Audits
While a risk assessment highlights which risks may be present in your service, an audit helps quantify those risks and identifies areas for improvement. We develop a thorough audit plan before working with you and your third parties, so that everyone is well prepared. Our consultants then assess the effectiveness of controls, not just their presence, so that you understand the real security and privacy posture of the service in question rather than what its documentation claims.
Security Risk Management Plans
Audits often highlight a number of issues requiring remediation, and risks requiring ongoing management. PrivSec can assist you in developing a Security Risk Management Plan (SRMP) that aligns with NZ government expectations, records how each identified risk is being treated and who owns it, and ensures that you are appropriately managing the security of your service over time.
Agile Assurance
As more projects are delivered using agile methods, releasing features to production in regular, short sprints, appropriate due diligence over each change still needs to be demonstrated. Traditional assurance methods can be applied to these releases, but PrivSec has been working with clients to deliver assurance in a fit-for-purpose, incremental manner, so that assurance keeps pace with delivery rather than becoming a gate at the end. Reach out to find out how we can integrate with your Program Increment (PI) planning.
Datacentre Security Reviews
We will work with you to assess the physical security and operating procedures of your datacentres against good security practice, the NZ Protective Security Requirements, ISO/IEC 27001 and 27002, PCI DSS, or other standards relevant to your industry. These reviews include a review of your documentation for the site as well as an onsite visit to confirm that the documented controls are actually in place and effective.
Worksite Physical Security
Are valuable goods, sensitive data or personal information handled in your offices, commercial sites or warehouses? Do you want to know how your physical security could be improved? We can walk through your site, look at the security controls that have been implemented and determine whether they have known bypasses that could be used to gain unauthorised access.