Audit & Compliance

The regulatory and compliance climate is becoming more demanding and complex.

BISS has extensive experience assessing organizational policies, procedures, and technical implementations against key local and international industry standards.

BISS security Audit, Assessment & Compliance services are tailored around the regulations that affect your business. Our security consultants will assess your existing security processes and make recommendations to help your organization prepare for, and pass, any security audits.


We have experience with the following standards and regulations:

  • ISO/IEC 17799 Code of Practice for IS Management
  • ISO/IEC 27001 (formerly BS7799 Part 2)
  • ISO/IEC 27002 (formerly ISO/IEC 17799 / BS7799 Part 1)
  • PCI DSS: Payment Card Industry (PCI) Data Security Standard (DSS)
  • Internet Banking: MCTI 389/2007
  • Electronic Invoicing: OMF 1077/2003
  • Basel II: operational risk
  • Sarbanes-Oxley (SOX) Section 404: Management Assessment of Internal Controls
  • COBIT 4.0: Control Objectives of Information and Related Technology
  • ISO/IEC TR 13335: Information technology guidelines for management of IT Security

We also have experience with conducting technical security assessments, within your policy-based framework:

  • Network Vulnerability Assessment
  • Host Security Assessment
  • Penetration testing / ethical hacking
  • Web Application Security Assessment
  • Database Security Assessment
  • SCADA Security
  • Application Security Assessment
  • Source code review

BISS security Audit, Assessment & Compliance services follow a clear methodology developed over years of experience. This methodical approach to information security helps your organization gain the best knowledge of its information security status and meet the security best practices that keep you in compliance with the regulatory requirements of your industry.


About services

BISS provides a comprehensive range of information security services centered around assessment & assurance, strategy & architecture, through to deployment & ongoing management.

Our services have been specifically designed to help organizations identify and evaluate IT security risks (through security reviews, assessments, security audits, and penetration tests) and to design and implement security solutions that mitigate any exposures through strategic security consulting, policy, and technology initiatives.

Our service offering has been designed to meet your specific needs, to provide you with the most effective support in the industry, and to help you get the most from your IT security systems.

Uniquely, we have both the skills and expertise to carry out the highly technical work of protecting the enterprise from attacks from without and within, and the senior business-level communication skills to ensure all stakeholders understand what is being done and why.


Other information

When we opened our doors in 2001, information technology had just shaken off its image of being many singular applications working together and was beginning to run the entire enterprise. In addition, the Internet and web access were emerging technologies that required connectivity into core business systems.

The IT world changed from being a closed fortress with strong controls and limitations on external access to an open, internet-enabled world. Threats are evolving rapidly.

These risks are moving away from being daily alert items for IT support staff and onto the boardroom table, as a vital activity in protecting the firm's value, profits and business growth agendas.