Professional Services

Certification

We enable you to demonstrate, through certification, that your services, processes or systems comply with local or international regulations and standards, or with customer-defined standards. We provide certification services in Information Security Management System (ISO 27001) and Quality Management System (ISO 9001).

ISO 27001 details requirements for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS), aiming to help organizations to protect information assets they hold.

ISO 9001 helps organizations to ensure they meet customer and other stakeholder needs within statutory and regulatory requirements related to a product or service.

Audit

We deliver audit services against specifications and standards outside our normal certification services, with a major focus on Quality Management, Information Security, Service Management and Business Continuity. These can be tailored to your own specifications and delivered to assure compliance.

  • ISO 9001
    • Quality Management Systems
  • ISO/IEC 20000-1
    • Information Technology – Service Management – Part 1: Service Management System Requirements
  • ISO 22301
    • Security and Resilience – Business Continuity Management Systems – Requirements
  • ISO/IEC 27001
    • Information Security Management Systems
  • ISO/IEC 27002
    • Code of Practice for Information Security Controls
  • ISO/IEC 27017
    • Code of Practice for Information Security Controls based on ISO/IEC 27002 for Cloud Services
  • ISO/IEC 27018
    • Code of Practice for Protection of Personally Identifiable Information (PII) in Public Clouds acting as PII Processors
  • ISO/IEC 27701
    • Security Techniques – Extension to ISO/IEC 27001 and ISO/IEC 27002 for Privacy Information Management – Requirements and Guidelines
  • ISO 31000
    • Risk Management
  • ISO 29100
    • Information Technology – Security Techniques – Privacy Framework
  • Cloud Security Alliance (CSA)
    • Security, Trust, Assurance Registry (STAR)
  • EuroCloud Europe (ECE)
    • EuroCloud Star Audit Certification

Cyber Security Risk Assessment

Our qualified professionals work with you to design bespoke cyber security assessments, including HKSARG SRAA, Cyber Security Regulation, Web Application, Mobile Application, Network and Host Assessment, Privacy Impact Assessment and Data Protection Assessment, to mitigate vulnerabilities and risks and fulfil compliance obligations.

  • Open Source Security Testing Methodology Manual (OSSTMM)

  • OWASP Security Risks

  • Baseline IT Security Policy (S17) sets the baseline standards of IT Security Policy for Government bureaux/departments. It states what aspects are of paramount importance.

  • IT Security Guidelines (G3) elaborates on the policy requirements and sets the implementation standard on the security requirements specified in the Baseline IT Security Policy.

  • Practice Guide for Security Risk Assessment & Audit (ISPG-SM01), formerly known as G51, provides practical guidance and reference for security risk assessment & audit in the Government.

  • HKMA Guidelines

  • Macao Cybersecurity Law

  • Cybersecurity Law of the People’s Republic of China

Training

We offer cost-effective and comprehensive training, from ISO management systems to training courses customized to your needs.

What is ISO/IEC 27001?

ISO/IEC 27001 provides requirements for organizations seeking to establish, implement, maintain and continually improve an information security management system. This framework serves as a guideline towards continually reviewing the safety of your information, which will exemplify reliability and add value to services of your organization.

Why is Information Security important for you?

ISO/IEC 27001 helps you understand the practical approaches involved in implementing an Information Security Management System that preserves the confidentiality, integrity, and availability of information by applying a risk management process. Implementing an information security management system that complies with all requirements of ISO/IEC 27001 therefore enables your organization to assess and treat the information security risks it faces. Certified ISO/IEC 27001 individuals will prove that they possess the necessary expertise to support organizations in implementing information security policies and procedures tailored to the organization’s needs and in promoting continual improvement of the management system and the organization’s operations. Moreover, you will be able to demonstrate that you have the necessary skills to support the process of integrating the information security management system into the organization’s processes and ensure that the intended outcomes are achieved.

Benefits of ISO/IEC 27001 Information Security Management

Exquisite ISO/IEC 27001 Certificate will prove that you have:

  • Obtained the necessary expertise to support an organization to implement an Information Security Management System that complies with ISO/IEC 27001
  • Understood the Information Security Management System implementation process
  • The ability to provide continual prevention and assessment of threats within your organization
  • Higher chances of being distinguished or hired in an Information Security career
  • Understood the risk management process, controls, and compliance obligations
  • Acquired the necessary expertise to manage a team to implement an ISMS
  • The ability to support organizations in the continual improvement process of their Information Security Management System
  • Gained the necessary skills to audit an organization’s Information Security Management System

ISO/IEC 27001 training courses available. By clicking on one of the options below, you can find the training that best suits you and your career.

  1. ISO/IEC 27001 Introduction
    Introduction to Information Security Management System (ISMS) based on ISO/IEC 27001
  2. ISO/IEC 27001 Foundation
    Become acquainted with the best practices of Information Security Management System (ISMS) based on ISO/IEC 27001
  3. ISO/IEC 27001 Lead Implementer
    Master the implementation and management of Information Security Management System (ISMS) based on ISO/IEC 27001
  4. ISO/IEC 27001 Lead Auditor
    Master the Audit of Information Security Management System (ISMS) based on ISO/IEC 27001

For more details / inquiry, Contact Us to begin with the first step.

What is ISO 9001?

As an international standard, ISO 9001 specifies the requirements for organizations that want to ensure continual improvement and meet customers’ needs. ISO 9001 was specifically designed to serve as a guiding framework for organizations of all sizes and industries, as it provides a firm customer focus, namely delivering quality goods and services, which subsequently leads to customer satisfaction. The implementation of a Quality Management System is a strategic decision for organizations that aspire to improve their overall performance and provide a strong basis for sustainable development initiatives. The standard assists organizations and/or professionals to plan processes and their interactions and to apply risk-based thinking.

Why is Quality Management important for you?

ISO 9001 certified professionals are considered as a strong asset to any organization. Meeting the future needs and expectations is a big challenge for organizations that operate in any industry, especially in today’s increasingly dynamic environment. Thus, in order to accomplish organizational objectives, it is important to understand the necessity of hiring experts on Quality Management Systems. By implementing ISO 9001, the certified professionals will help organizations to adopt continuous improvement practices and provide them with the essential techniques to ameliorate their working processes. As a result of increased efficiency, all the processes within the organization will be accordingly aligned and understood. Moreover, the productivity will increase and the costs will decrease. ISO 9001 experts enable organizations to identify and address organizational risks, and achieve customer satisfaction. They also enable organizations to increase their global presence as many clients require ISO 9001 certified experts before conducting business.

Benefits of ISO 9001 Quality Management

By becoming an ISO 9001 certified professional, you will be able to:

  • Gain expertise on Quality Management Systems
  • Help the organization to offer quality products and services
  • Help the organization to reduce costs
  • Gain competitive advantage
  • Increase effectiveness
  • Assist the organization to focus on risk-based thinking
  • Contribute to the organization’s continuous improvement
  • Improve performance
  • Streamline organizational operations
  • Increase the efficiency of the supply chain management

ISO/IEC 27001 training courses available. Check the training courses below and find the one that suits you best:

  1. ISO 9001 Introduction 
    Introduction to Quality Management System (QMS) based on ISO 9001
  2. ISO 9001 Foundation
    Master the implementation and management of Quality Management System (QMS) based on ISO 9001
  3. ISO 9001 Lead Auditor
    Master the implementation and management of Information Security Management System (ISMS) based on ISO/IEC 27001
  4. ISO/IEC 27001 Lead Auditor
    Master the Audit of Quality Management System (QMS) based on ISO 9001
  5. ISO 9001:2015 Transition
    Prepare for the transition from an ISO 9001:2018 Quality Management System (QMS) to ISO 9001

For more details / inquiry, Contact Us to begin with the first step.

Data Control And Privacy Assessment

We offer data protection and privacy assessment to help you identify the data protection risks of personal information.

  • ISO/IEC 27018

    Code of Practice for Protection of Personally Identifiable Information (PII) in Public Clouds Acting as PII Processors

  • ISO/IEC 27701

    Security Techniques – Extension to ISO/IEC 27001 and ISO/IEC 27002 for Privacy Information Management – Requirements and Guidelines

  • ISO 29100

    Information Technology – Security Techniques – Privacy Framework

  • General Data Protection Regulation (GDPR)

  • The Personal Data (Privacy) Ordinance – PCPD