Corporate Risk Management


DIAGNOSIS, WHY DO IT?


It has become increasingly common for clients from many sectors to request evidence that proves the level of security as a contractual requirement, let’s see some examples:

  • The banking sector requests requirements from its technology service providers that guarantee a level of security.
  • Companies that develop software encounter audit requirements from their clients in different countries.
  • In the United States, it is common for suppliers to be audited before being hired to ensure compliance with regulations such as HIPAA, SOX, FISMA, PCI-DSS, etc.
  • Similarly, in Latin America, it is usual to request evidence of compliance or alignment with industry standards such as NIST CSF, Cobit5, ISO27001, etc.
  • Data protection laws are in force for many countries, for example: Chile (Law No. 19,628), Colombia (Law 1581), Costa Rica (Law 8968), Brazil (LGDP), United States (FISMA, CCPA) , Canada (PIPEDA), Europe (GDRP), etc.

If you find yourself in any of these situations, you can talk to our advisors so that they can guide you effectively and make the best decision.


LEGAL ADVICE, WHY RECEIVE IT?


Currently, the vast majority of companies have, in one way or another, mechanisms to process and store information on customers, suppliers, collaborators, etc. Your legal shield is put to the test when unpredictable events occur.

  • Information protection failures.
  • Management of incidents when there is economic damage or criminal activity.
  • Failure to comply with aspects implicit in regulations and that were not contemplated contractually.
  • Identity theft or impersonation.

Preventing in these cases is much less expensive in terms of fees and time consumption, compared to recovering or disputing aspects that were not clearly defined prior to what happened.


Forensic analysis. When do you need one?


You can consider contracting this service if you suspect that you may be suffering or if it is confirmed that there is an ongoing cybersecurity breach that puts the company’s assets at risk or may cause harm to its customers, business partners, collaborators or third parties.

The digital forensic analysis process must be executed in conjunction with the incident response protocol of your company and judicial authorities if there is economic damage or, if you do not currently have a process to deal with cybersecurity incidents, we recommend that you contact us as soon as possible to that an advisor can guide you through the critical initial minutes of the investigation.

Consider that not following the proper procedure could eliminate or invalidate evidence required for legal proceedings.



<< Cybersecurity Services