Risk and Compliance

ISO/IEC 27001:2013

ISO/IEC 27001:2013 is a certifiable risk based international standard for setting requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). By establishing an effective and mature information security management system, organizations can ensure the preservation of the confidentiality, integrity, and availability of information assets.

ISO 22301:2019

ISO 22301:2019 is a certifiable international standard for setting requirements for establishing, implementing, maintaining and continually improving a Business Continuity Management System (BCMS). By establishing an effective and mature business continuity management system, organizations can ensure minimum disruption of services during incidents or disasters.

ISR V2

ISR V2 is a cyber security standard applicable to Dubai Government Entities. The standard shares a lot of similarities with ISO/IEC 27002:2013 in terms of cyber security controls. Aleant provides full implementation and audits of ISR V2.

NCEMA 7000:2015

The Supreme Council for National Security National Emergency Crisis and Disasters Management Authority (NCEMA) AE/SCNS/NCEMA 7000:2015 standard mandates establishing, implementing, maintaining and continually improving a Business Continuity Management System (BCMS) within UAE entities. By establishing an effective business continuity management system, organizations can ensure minimum disruption of services during incidents or disasters while complying with national regulations.

NESA UAE

National Electronic Security Authority (NESA) UAE information assurance standards provide requirements to implement information security controls to ensure protection of information assets and supporting systems across all entities in the UAE. By complying with UAE IA standards, organizations can ensure the protection of information assets.

Risk Management

Aleant follows a comprehensive approach in risk management in accordance to international standards and best practices. Our methodology will ensure effective risk management and enhancing maturity levels to reduce risks within the organization. Our comprehensive approach helps organizations to better identify their risks in details, analyze them, assess them, mitigate them, and review and monitor implemented controls to ensure effectiveness.

Gap Analysis

Gap Analysis eases the implementation of any standard as it provides a holistic view of current compliance status and the maturity level of the organization in relation to the standard. Aleant’s Gap Analysis approach is based on multiple information sources such as document review, information collection, site visits, observations, and assessments of current controls.

Audits

Audits are carried out in order to identify non-conformities and ensuring compliance with standards and regulators. Auditing is the best tool for ensuring continual improvement of any management system. In order to ensure continual improvement Aleant assists your organization to take appropriate corrective action against any finding.

Data Classification

Only data and information that is appropriately classified and labeled can be adequately protected. Aleant follows a structured approach for classifying data based on the environmental scan of your organization. By understanding the organizational environment we suggest different data classification schemes in order to select the most suitable scheme for your organization. Our data classification approach complies with standards and best practices.

Incident Handling Frameworks

In order to enable organizations to follow a proactive approach in mitigating risks and handling incidents, Aleant will assist in creating all frameworks, policies, and procedures needed to establish an effective information security incident response team (ISIRT) based on various standards and best practices such as ISO/IEC 27035:2011, ISO/IEC 27037:2012, etc. This team will be responsible for the detection, handling, investigation, and eradication of security incidents.