Use Case for Clients
Use case – 01
What is the situation/ What did the client ask –
We have supported several IT and FinTech SMBs that required a security posture built from the ground up. Most of these clients needed to be ISO 27001 certified and needed a solid foundation to begin with, as well as a guided approach to security.
What did we do/ approach –
Depending on the current needs of the organisation at the time of initial engagement, we decide our approach and design a roadmap. For many clients we start with the very basics: introducing them to policies, standards and procedures, and aligning these with their specific business strategies.
Once they have approved the policies and standards, we gradually guide them towards implementing the security posture.
We do not stop once they are certified. Many clients ask us to continue the journey with them, since both parties have developed a long-lasting rapport. We have continued with the same clients through successive certifications and annual audits, monitoring their posture and advising them on what needs to be done as they grow as a business.
What is the result –
All of our clients are ISO 27001 certified, and we continue to support some of them in keeping their certification valid. For many of our clients we are now enhancing their security posture and providing consultancy services on NIST and SOC2 Type II.
Use case – 02
What is the situation/ What did the client ask –
As a cybersecurity organisation we specialise in various regulations and compliance frameworks. Apart from our IT/FinTech clients, we also provide our services to many Australian energy clients. Our Australian energy clients require us to guide them towards, and eventually achieve, compliance with the AESCSF (Australian Energy Sector Cyber Security Framework).
What did we do/ approach –
Our approach always starts with the client's requirements: what their current security posture is and where they want to be in the future. Many of our clients are SMBs; in those scenarios we start from the fundamentals and guide them through.
We also have clients who are already compliant with other regulations and cyber security frameworks such as NIST CSF or C2M2 (Cybersecurity Capability Maturity Model). In these scenarios our expert panel discusses how to enhance the security posture from its current state to the desired level.
What is the result –
Most of our energy clients are not compliant with any cybersecurity regulations or frameworks. As with many critical infrastructure requirements, their clients may require them to be compliant with one other framework or regulation.
During our initial discussions we raise this crucial point and gather requirements on which other regulations and frameworks they wish to comply with, e.g. NIST/C2M2. With those requirements in mind, we combine them with AESCSF.
The end result is that they have the freedom and confidence to tell their clients that they are in alignment with AESCSF as well as other internationally recognised frameworks or regulations.
For clients who are already compliant with other regulations and frameworks, we make use of the existing posture and enhance it further in a proactive manner.