Compliance and certification

Edgar Kramer

Sales Community Lead Benelux

De transformatie van omgevingen en services naar de cloud heft grote voordelen, maar brengt ook een aantal uitdagingen met zich mee die goed geadresseerd dienen te worden.

Of u nu een IaaS of PaaS gebruikt voor uw eigen native cloud applicaties of u bestaande systemen wilt migreren, of de voordelen van SaaS wilt plukken, onze cybersecurityspecialisten kunnen ervoor zorgen dat uw nieuwe omgeving op een goede manier wordt opgezet.

Met de hulp van onze cloud security experts kunt u ervan verzekerd zijn dat wat u ook in de cloud maakt of gebruikt op een veilige manier tot stand komt en dat de risico’s tot een acceptabel niveau zijn teruggebracht.

Services

Privacy Support

Our privacy support service offers privacy specialists to run your privacy program development. It will be tailored according to your organization’s needs. Privacy support covers scheduled tasks, ad-hoc questions and crisis management. Continuous privacy support offers expertise at hand for everyday privacy issue, robust support at a crisis situation and expertly managed annual privacy program. A nominated privacy specialist will head the service, backed up by a multi-skilled team of cybersecurity, technology, IAM and legal experts. The service typically includes specialist ad-hoc advice for your DPOs, a team ready to assist in data breach cases and development of your privacy management capabilities.

Read more

PCI DSS Onsite Assessment

PCI DSS Onsite Assessment is the assessment service for all parties that store, process or transmit cardholder data. We have experience in assessing different organization types such as large retail chains, small cafés, global service providers, payment gateways, airlines and banks. We don’t only assess, but help the customer in achieving and maintaining compliance as well.

The service is designed to be effective and cause minimal disruptions to the organization’s day-to-day operations. The assessment is divided into phases: Scoping, Documentation Review, Technical Tests and Site Visits, Interview and Observation sessions, Reporting and Closeout meeting. Each phase is carefully designed to guarantee a successful assessment with minimal disruptions.

DPIA - Data Protection Impact Assessment

Conducting a DPIA supported by Nixu ensures a reliable, verified process with input from multi-skilled team of technical and legal privacy experts. The process goes beyond the mere identification of risks and includes suitable mitigation measures for your organization. Nixu's method is comprised of use case and process workshops with technical and legal points covered. We draft data flow maps to bring clarity to the processing activities, conduct a full assessment of risk with all expertise areas covered and produce a comprehensive DPIA report. The DPIA results will be methodically reported including a specific description of processing with additional data flow maps, an expert assessment of the necessity and proportionality of processing, a full and compliant assessment of risk to individuals and legal, technical and organizational measures to address the risk. DPIA report will deliver you the proof of compliance required for authorities and organizational partners.

PCI Software Security Framework Services (PCI SSF)

The PCI Software Security Framework (PCI SSF) is intended for vendors who develop payment applications, or applications related to payment functions. The framework consists of the Secure Software Standard and Secure Software Lifecycle Standard. We can help with training, preparations for the validation, remediation of non-conformities and perform the validation. A successful validation results in the application being on the PCI Security Standards Council as Validated Payment Software. Note: The PCI Software Security Framework replaces the PCI PA-DSS Standard. PA-DSS will be retired in October 2022.

Fintech Security and PSD2

With us you can be innovative. And secure. New Payment Service Directive, PSD2, is forcing banks to evolve rapidly into open banking. It enables a whole new marketplace for new innovative financial service providers. PSD2 as well as GDPR bring challenges in meeting requirements for risk based security management, continuous security monitoring and incident reporting. With our help, you can focus on innovative services and leave the security requirements to us. We help you in building secure digital platforms as well as making sure you are compliant with both PSD2 and GDPR.

DPO as a Service

Nixu’s Data Protection Officer (DPO) as a Service ensures your organization’s designated DPO has extensive legal, technical and managerial privacy expertise. Your tailored DPO will be accessed through one main contact backed up by a multi-skilled team, guaranteeing availability also during holiday seasons and yearly flu epidemics. The DPO will handle and coordinate expert non-operative GDPR tasks such as contact with authorities, privacy training, DPIA specialist advice, reviews of accountability documentation and managing of data breaches. This specialist service stays up to date with privacy legislation and ensures you have the right items on your organization's privacy steering group.

 

Read more

PCI Preparation

PCI Preparation service is the initial step to PCI compliance. We train customer’s key personnel to understand PCI and its requirements. We focus on minimizing the customer’s PCI environment so that compliance can be achieved more cost effectively. The most important outcome of the service is a roadmap that contains clear tasks to be performed in order to become compliant. For each task, a cost estimate is provided and responsibilities defined. The roadmap can be further refined to become a project plan.

The next step after the PCI Preparation phase is usually remediation phase. We support this phase, and help ensure that compliance can be maintained also after the assessment.

Collaborator security audit

The Collaborator Security Audit Service provides customers possibility to verify that security status of their partners and collaborators does not create unacceptable risks, the contractual requirements for security are followed and that the processes and security governance of collaborators is sound and according to industry best practices. Nixu auditor will identify business critical assets, which are exposed to collaborators, and either verifies that contractually agreed security controls are protecting these assets or that the assets are protected based on industry best practices.

  • Edgar Kramer

    Sales Community Lead Benelux

Related blogs