Great doesn’t have to mean complicated
Viden prides itself on being able to communicate effectively from the server room to the board room. Whether it’s developing a security governance strategy or assisting with an independent audit, Viden takes care to make the complex, clear.
Our GRC Capabilities
Our expert team of GRC specialists are intimately familiar with the selection, design, implementation, or audit of a broad range of cyber security or privacy frameworks, including the ISM, ASD Essential Eight, ISO27001, NIST, CMMC, SOC2, the APP and CPS234.
IRAP
Assessments
Helping independently assess and document in a formal IRAP Report, the implementation, appropriateness and effectiveness of your products or system’s security controls
ISO27001
Audits, Gap Analysis & Implementation
Helping you strengthen you Information Security Management System (ISMS) based on the ISO27000 series
Essential Eight Implementation & Audits
Helping you achieve compliance or maturity level uplift, against the Australian Signals Directorate’s (ASD) Essential Eight security controls.
Privacy Impact Assessments
Helping you systematically analyse your business processes or projects, and their potential privacy impacts, against your Privacy Act obligations
Authority to Operate
Methodically evaluate system security impacts, risks and possible controls for implementation, to enable a Authority to Operate for Australian Government systems
CPS234 Tripartite
Reviews & Compliance
Helping your navigating your Australian Prudential Regulation Authority (APRA) information security obligations, to achieve best practice implementation of the CPS234 Prudential Standard
SOC
Assessments
Independent evaluation of your organization’s information systems controls, in relation to the security, availability, integrity, confidentiality and privacy of your customer data
Supply
Chain Risk Assessments
Methodically map and evaluate your ICT/OT product or supply chain, to identify or mitigate against a range of threats, including malicious code, counterfeit parts or manufacturing quality issues
Security Governance Strategy
Craft an integrated security strategy which systematically addresses your organization’s hardware, software, data, policies and people, that is the right fit for your goals
ISMS Framework Design and Implementation
Helping you design, implement or enhance your Information Security Management System (ISMS) based on your chosen or a combination of industry best practice standards
Accordion content.
United States Government – Executive Order 15404 has mandated the use of Software Bill of Materials (SBOM) for all products used in the US Government.
All systems that store, process or communicate Australian Government information must be authorised against the Information Security Manual. An IRAP assessment allows you to demonstrate your commitment to security and be more competitive in Australian Government bids.
Accordion content.
Under the Privacy Act 1988, organisations that collect and use personal information must comply with the Australian Privacy Principles. Additional requirements such as the European Union General Data Protection Regulations may also apply for international customers. Viden can provide advice and assistance in complying with your privacy obligations.
A Privacy Impact Assessment involves the identification of impact on the privacy on individuals and for an organisation to manage, minimise or eliminate the impact to privacy of individuals in accordance with the Australian Privacy Principles.
Accordion content.
The Security of Critical Infrastructure Act (or SOCI Act) sets obligations that are required for the following sectors: Communications, Financial services and markets, Data storage and processing, Defence, Higher education and research, Energy, Food and grocery, Healthcare and medical, Space technology, Transport, Water and sewerage.
The three positive security obligations required for these sectors are: Provide operational and ownership information to the Register of Critical Infrastructure Assets, Report cyber incidents which impact the delivery of essential services to the Australian Cyber Security Centre, Adopt, maintain and comply with a written risk management program.
Viden’s experience with national security entities can help you demonstrate and excel in you meting these obligations.
Ready to get started?
It’s not a case of if, but when
Modern cyber threats are pervasive and persistent. Let us help you design and build a GRC system that is the Right Fit For Risk (RFFR).
