CYBEROOT offers expert guidance and consulting services to help organizations comply with a wide range of international and local standards and regulations. Here are some of the key standards and regulations we can assist with:
1. ISO Standards
- ISO 27001: Information Security Management System (ISMS) – We help organizations achieve and maintain ISO 27001 certification by conducting audits, performing gap analyses, and developing necessary policies and procedures.
- ISO 27701: Privacy Information Management System (PIMS) – Assistance with implementing and maintaining ISO 27701 to enhance privacy management in line with GDPR and other privacy regulations.
- ISO 22301: Business Continuity Management System – Guidance on establishing and maintaining a business continuity plan that aligns with ISO 22301 requirements.
- ISO 31000: Risk Management – Support in implementing a risk management framework according to ISO 31000 standards.
2. GDPR (General Data Protection Regulation)
- Compliance with the EU General Data Protection Regulation (GDPR), including data protection impact assessments (DPIA), privacy notices, data subject rights, and more.
- Assistance with appointing and managing a Data Protection Officer (DPO) as a Service to meet GDPR requirements.
3. NIST (National Institute of Standards and Technology) Frameworks
- NIST Cybersecurity Framework (CSF) – Implementation and optimization of NIST CSF to enhance cybersecurity posture.
- NIST SP 800-53: Security and Privacy Controls for Information Systems and Organizations – Guidance on applying the NIST SP 800-53 controls to meet U.S. federal standards.
- NIST SP 800-171: Protecting Controlled Unclassified Information (CUI) in Non-Federal Systems – Assistance in implementing NIST SP 800-171 requirements for organizations that handle U.S. government data.
4. HIPAA (Health Insurance Portability and Accountability Act)
- Compliance with HIPAA regulations for healthcare organizations, including risk assessments, policy development, and breach notification procedures.
5. PCI DSS (Payment Card Industry Data Security Standard)
- Assistance in achieving and maintaining PCI DSS compliance for organizations that handle credit card transactions, including gap analysis, risk management, and audit support.
6. Israeli Regulations
- Privacy Protection Regulations (Data Security), 2017 – Ensuring compliance with Israel's data protection laws, including data security, privacy notices, and breach notification requirements.
- Israeli Cybersecurity Standards – Guidance on local cybersecurity standards set by the Israeli National Cyber Directorate (INCD) and other relevant regulatory bodies.
- Israeli Financial Regulations – Assistance for financial institutions in complying with the Bank of Israel's regulations and directives concerning cybersecurity and data protection.
7. SOX (Sarbanes-Oxley Act)
- Guidance on establishing and maintaining internal controls over financial reporting and IT controls to comply with SOX requirements.
8. CCPA (California Consumer Privacy Act)
- Assistance in achieving compliance with the CCPA, including data mapping, privacy notices, and data subject rights.
9. COBIT (Control Objectives for Information and Related Technologies)
- Implementation and optimization of COBIT frameworks to improve IT governance and management practices.
10. Basel III
- Guidance for financial institutions to comply with Basel III regulations, focusing on risk management, capital adequacy, and liquidity requirements.
11. Cybersecurity Maturity Model Certification (CMMC)
- Assistance for organizations working with the U.S. Department of Defense (DoD) to achieve compliance with CMMC requirements.
12. Other Industry-Specific Regulations
- SWIFT CSP (Customer Security Program) – Assistance for financial institutions in achieving compliance with SWIFT's Customer Security Controls Framework.
- FISMA (Federal Information Security Management Act) – Support for U.S. government contractors in meeting FISMA requirements.
- FDA (Food and Drug Administration) Cybersecurity Guidance – Support for medical device manufacturers and healthcare organizations in complying with FDA cybersecurity guidelines.
CYBEROOT can also provide tailored consulting services to help organizations navigate any other relevant standards or regulations specific to their industry or operational requirements.