Are you interested in an information security survey and penetration test?

Do you want a legal opinion on how to handle the General Data Protection Regulation (GDPR)?

In 2017 the Protection of Privacy Regulations (Information Security) were enacted. These Regulations classify databases by the level of protection they require and set out the steps a database owner must take to secure the database and prevent breaches of the privacy of the data subjects. Companies that maintain databases must define the layers of protection required for each database, write information security policy documents, prepare scenarios and identify information security risks, and plan how to cope with existing threats to the databases.
Concurrently, the European General Data Protection Regulation (GDPR) entered into effect in May 2018. GDPR sets rules for the protection and security of personal data of individuals in the European Union, and it applies to organizations outside the EU as well when they offer goods or services to people in the EU or monitor their behaviour.

Confused? Does this apply to you? Do you know what has to be done to prepare? Are you afraid of making a mistake?

To help companies and businesses deal with the issue and find an accurate solution, we have set up a multidisciplinary team that includes a lawyer and information security experts.
The consultancy process includes the following phases:

Evaluation and mapping phase

The purpose of the evaluation is to examine the extent to which the organization is exposed to the data protection requirements and to provide preliminary guidance on how to deal with them.

This includes, inter alia, the following topics:

  • Relevance – does the issue apply to the organization at all?
  • Classification of information – what personal data is stored? Who owns the database? Does the database pertain to people in Europe?
  • Collection – is the information collected properly, with a valid legal basis and only to the extent needed?
  • Storage – is the information stored properly, and for no longer than necessary?
  • Processing – are user profiles created? Are customers monitored by digital means? Are user types analyzed for decision-making purposes?
  • Transfer – is the information transferred (knowingly or unknowingly) to other organizations that use it for their own benefit?
  • Security – are adequate information security measures in place?
  • Transparency – is the organization transparent with its customers about privacy protection? Are customers aware of the organization’s privacy and information security policy, and have they consented to it?
  • The legal aspect – do the GDPR requirements apply to the organization?

Dealing with information security gaps identified in the survey

We will work with you to formulate a solution based on the results of the assessment.
This will include the following topics:

  • Reducing exposure where possible – seeking solutions that reduce the need for privacy protection in the first place, for example by not collecting or retaining personal data the organization does not need;
  • Examining the company’s information security and privacy arrangements and adapting them to the regulatory requirements, covering both physical and digital security;
  • Searching for data leaks; preparing mechanisms for detecting and reporting security incidents as required by law (under GDPR a personal data breach must, where feasible, be reported to the supervisory authority within 72 hours of becoming aware of it);
  • Preparing an approved action plan;
  • Implementing the action plan.

OK Management Consulting helps organizations prepare for compliance with privacy laws and regulations, including:

A. Supporting the company in preparation for ISO 27001 Information Security certification.

According to a clarification document issued by the Ministry of Justice/Privacy Protection Authority (see Registrar of Databases Directive No. 03-2018), an ISO 27001 certified organization complies with most of the provisions of the Israeli Protection of Privacy Regulations. Compliance with the standard also covers part of the GDPR requirements, namely the security-of-processing obligations; it does not by itself address GDPR obligations such as a lawful basis for processing, data-subject rights, and breach notification, which must be handled separately.

B. Carrying out technological risk assessment surveys with an emphasis on privacy protection

The assessment identifies threats and risks against the requirements of GDPR and the privacy protection regulations, and determines how to treat the risks identified in the survey.

C. Carrying out a penetration test

Companies that maintain databases with a high or medium security classification are required to carry out penetration testing every 18 months.

D. Providing a legal opinion regarding the degree of compliance with the Protection of Privacy Regulations and GDPR

As needed, a legal opinion can be obtained from an attorney specializing in the field.

For more details, please call Orna at +972-53-7739018 or leave your contact details below.