Certified ISO 22301 BCMS Foundation training course outline. This course provides a comprehensive introduction to the ISO 22301:2019 standard and its requirements for an effective BCMS, including:

• Understanding business continuity concepts, terms and definitions.
• The benefits of a BCMS to an organisation.
• The process elements of a BCMS.
• The principles of business impact analysis and risk assessment.
• The principles of incident response and business continuity management.
• The principles of exercising business continuity arrangements.

Achieve compliance with ISO22301 or  ISO 27000 in just four months. POWEX  Consultancy Service has been specially designed for professional businesses . We will help you achieve  certification-readiness in four months, guaranteed and take care of the entire implementation process up to certification-readiness.

Save time and hassle when managing your BCMS with hands-on support from an ISO 22301 specialist. This service will enable you to maintain ongoing compliance with the requirements of ISO 22301, and is aimed at those who currently have no in-house expertise to manage an ISO 22301-conformant business continuity management system (BCMS).

Audit of management systems in a broader perspective and to provide guidance that is more general.

Audit results can provide information for the analysis part of business planning and make it possible to identify improvement needs and improvement measures.

An audit is conducted according to guidance for the audit of management systems (ISO 19011:2018 /ISO27007) and addresses a range of audit criteria, separately or in combination, including but not limited to:

• Requirements specified in one or more management system standards, policies and requirements established by relevant stakeholders, legal and regulatory requirements,
• One or more processes within the management system defined by the organization or other parties,
• Management system plan(s) to achieve specific results with a management system ( eg Quality Plan and Project Plan).

This standard provides guidance for all organizations, regardless of size and type, and for audits of varying scope, including audits performed by large audit teams, which is common for larger organizations, and audits performed by individual auditors, whether the organization is small or large .

• High-quality services to assess the IT infrastructure and identify vulnerabilities by reviewing IT services configuration against the industry best practices and vendor’s recommendations.
• High-quality penetration testing services – ScienceSoft uses predominantly manual security testing techniques combined with an automated approach. This approach fully validates all issues and vulnerabilities beyond scanner results.
• Perform Gray Box Penetration Testing based on the NIST 800-115 guidance to evaluate the security and identify vulnerabilities by simulating attackers’ actions and unauthorized access to the data and IT resources.
• With skilled Pentest engineer and IT Security Engineer to work on this project, and a dedicated Project/Account Manager will supervise them.
• Our Deliverables :
• Comprehensive Final Report with technical details of testing performed and findings, description of the methodology, and remediation recommendations.
• Comprehensive Final Report with technical details of IT Cyber Risk Assessment performed and findings, description of the methodology, and remediation recommendations.
• Executive Summary – could be used as a customer-facing document

Cyber security audit (CIS V8) Critical Infrastructure Cybersecurity.

Led by Sour Solution Architect and Tech Led: with +20 years Cloud Security Architect with Azure, Amazon Web Services and Goggle Cloud Platform. He works with developing cloud strategies, guiding cloud principles, security requirements, implementation guidelines, architecture descriptions as well as working hands-on implementing governance and security controls in cloud environments. A substantial part of this work is to analyses regulations, information security frameworks and Best Current Practices that affect an organization and on how to adhere to them in practice. He is also experienced in managing and monitoring cloud resources/services, working with Infrastructure-as-Code, Defender for Cloud and Azure Sentinel.

• Docker, Docker Swarm and Kubernetes
• Azure, AWS and GCP
• DevOps/DevSecOps
• Infrastructure as Code development using Terraform and ARM templates
• PowerShell and C#
• Security Architecture framework for infrastructure governance & security
• VMware vRealize
• Modelling business capabilities and processes
• Information Security Management Systems (ISMS)
• Software Architecture Descriptions (SAD)
• Infrastructure and systems development practices
• Project management, Kanban, Scrum
• Azure Pack private cloud (System Center 2012)
• Firewalls, IDS, SIEM
• Windows and Linux OS