Standards, Frameworks, CoPs & Guidelines

We don’t just provide consultancy and audit. We apply decades of experience and expertise to constructively resolve some of the industry’s most daunting operational issues, guided by international standards and industry best practices.


To support our customers in implementing various risk principles and to provide comprehensive operational assurance, Maximus conducts in-depth analytical work to clarify the scope and to understand the business and its operating environment, including the identification of issues. Guided by state-of-the-art research and development techniques and a top-notch risk management methodology, all consultative and audit work is discreetly implemented on the basis of international standards, policies and guidelines. This ranges from designing and deploying the framework, facilitating risk management processes, and defining and deploying governance and processes to meet operational needs, to conducting competency and awareness training to gear up operational staff, performance monitoring and audits to evaluate framework effectiveness, and managing Management expectations for continual improvement.

200+ projects worldwide

CONFORMANCE FOCUS

Standards & Frameworks

ISO/IEC 27001:2022 ISMS

This standard specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in the ISMS standard are generic and are intended to apply to all organizations, regardless of type, size or nature.


ISO/IEC 27701:2022 PIMS

This standard specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS) in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management within the context of the organization. This also specifies PIMS-related requirements and provides guidance for PII controllers and PII processors holding responsibility and accountability for PII processing.


ISO/IEC 27017:2015 

ISO/IEC 27017:2015 gives guidelines for information security controls applicable to the provision and use of cloud services by providing additional implementation guidance for relevant controls specified in ISO/IEC 27002, additional controls with implementation guidance that specifically relate to cloud services, and implementation guidance for both cloud service providers and cloud service customers.


ISO/IEC 27013:2021

This standard provides guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 for organizations intending to implement ISO/IEC 27001 when ISO/IEC 20000-1 is already implemented (or vice versa), to implement both ISO/IEC 27001 and ISO/IEC 20000-1 together, or to integrate existing management systems based on ISO/IEC 27001 and ISO/IEC 20000-1.


ISO/IEC 20000-1:2018 IT-SMS

This standard specifies requirements for an organization to establish, implement, maintain and continually improve a service management system (SMS). The requirements specified in this standard include the planning, design, transition, delivery and improvement of services to meet the service requirements and deliver value.


IT Infrastructure Library (ITIL)

The IT Infrastructure Library (ITIL) is an IT service management framework that outlines best practices for delivering IT services. ITIL’s systematic approach to IT service management (ITSM) can help businesses manage risk, strengthen customer relations, establish cost-effective practices, and build a stable IT environment that allows for growth, scale, and change.


ISO 22301:2019 BCMS

This standard specifies requirements to implement, maintain and improve a management system to protect against, reduce the likelihood of the occurrence of, prepare for, respond to and recover from disruptions when they arise. The requirements specified in this document are generic and intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature of the organization.


ISO 31000:2018 ERM

This standard provides guidelines on managing risk faced by organizations. The application of these guidelines can be customized to any organization and its context. It also provides a common approach to managing any type of risk and is not industry or sector specific. It can be used throughout the life of the organization and can be applied to any activity, including decision-making at all levels.


ISA/IEC 62443

This standard was developed to secure industrial automation and control systems (IACS) throughout their lifecycle. It currently includes nine standards, technical reports (TR) and technical specifications (TS). IEC 62443 was initially developed for the industrial process sector, but IACS are found in an ever-expanding range of domains and industries, such as power and energy supply and distribution, and transport. IACS technologies are central to critical infrastructure.


NIST Cybersecurity Framework

Published by the US National Institute of Standards and Technology (NIST), NIST Cybersecurity Framework provides a set of guidelines for mitigating organizational cybersecurity risks, based on existing standards, guidelines, and practices.


SS 584:2020 MTCS

SS 584, commonly known as Multi-Tier Cloud Security (MTCS), is the world’s first cloud security standard covering multiple tiers of cloud security. It was developed under the Information Technology Standards Committee (ITSC) for Cloud Service Providers (CSPs) in Singapore. The MTCS standard specifies 3 different tiers of security certification, qualified by the type of service (e.g. IaaS, PaaS, SaaS).


PCI DSS

The PCI DSS (Payment Card Industry Data Security Standard) is an information security standard designed to reduce payment card fraud by increasing security controls around cardholder data. The primary goal of PCI DSS is to safeguard and optimize the security of sensitive cardholder data, such as credit card numbers, expiration dates and security codes. The standard's security controls help businesses minimize the risk of data breaches, fraud and identity theft.


SOC 2

SOC 2 is a security framework that specifies how organizations should protect customer data from unauthorized access, security incidents, and other vulnerabilities. The American Institute of Certified Public Accountants (AICPA) developed SOC 2 around five Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.


Open Web Application Security Project (OWASP)

This framework provides a methodology for application penetration testing that can identify not only vulnerabilities commonly found within web and mobile applications, but also complex logic flaws that stem from unsafe development practices.

Security by Design Framework (SBD)

This framework was developed to guide organizations in building security into their System Development Life Cycle (SDLC), through the alignment of security-related processes/activities alongside SDLC processes. This provides guidelines that would result in more cost-effective and risk-appropriate security considerations and controls in all phases of the SDLC.


COMPLIANCE FOCUS

Code of Practices & Guidelines

Cybersecurity Code of Practice for Critical Information Infrastructure – Second Edition (CCoP2.0)

This Code is intended to specify the minimum protection policies that Critical Information Infrastructure Owners (CIIOs) shall implement to ensure the cybersecurity of their Critical Information Infrastructure (CII).


Guide to Conducting Cybersecurity Risk Assessment for CII

The Guide to Conducting Cybersecurity Risk Assessment for CII was developed to provide guidance to CII Owners on how to perform a proper cybersecurity risk assessment. This guidance document also spells out the expectations that CII Owners are required to note when conducting their risk assessment under the Cybersecurity Act 2018.


Guidelines for Auditing Critical Information Infrastructure

The Guidelines for Auditing Critical Information Infrastructure were developed to set out the expectations for cybersecurity audits and to provide guidance to appointed or approved auditors on key areas to take note of when conducting an audit of CII under the Cybersecurity Act 2018.


Guide to Cyber Threat Modelling

The Guide to Cyber Threat Modelling was developed to supplement the Guide to Conducting Cybersecurity Risk Assessment for CII by providing a practical and systematic way for CII Owners to identify threats for cybersecurity risk assessment. This guide covers various approaches and methods of threat modelling for CII owners to identify relevant threat events.


Instruction Manual 8 (IM8)

Instruction Manual 8 consists of the government policies, standards, regulations and codes of practice for IT security defined by the Singapore Government. IM8 is a security management tool used by various Government Agencies to safeguard and protect the Infocomm Technology and Smart Systems (ICT and SS) assets used in delivering public services.


Telecommunications Cybersecurity Code of Practice (TCS Code)

IMDA has formulated these Codes of Practice to enhance the cybersecurity preparedness of designated licensees. The Codes are currently imposed on major Internet Service Providers (“ISPs”) in Singapore for mandatory compliance, and their coverage includes the network infrastructure through which these ISPs provide Internet services. Besides security incident management requirements, the Codes include requirements to prevent, protect against, detect and respond to cybersecurity threats. The Code was formulated using international standards and best practices, including ISO/IEC 27011 and IETF Best Current Practices.


Fixed Telecommunication Infrastructure Resilience Audit (TIRA Code)

The TIRA Code specifies the essential requirements that the Licensee shall implement to ensure that its telecommunication infrastructure is adequately resilient and the enforcement measures that IMDA may take against the Licensee for a breach of the TIRA Code. These include the requirements for the Licensee to appoint an external independent auditor to carry out audits of the Licensee’s compliance with the controls specified in the applicable schedule of the TIRA Code, carry out audits at the frequency specified in the applicable schedule of the TIRA Code, and submit to IMDA the audit reports within the timeframes specified in the applicable schedule of the TIRA Code.


Personal Data Protection Act (PDPA)

The Personal Data Protection Act (PDPA) provides a baseline standard of protection for personal data in Singapore. It complements sector-specific legislative and regulatory frameworks such as the Banking Act and Insurance Act. It comprises various requirements governing the collection, use, disclosure and care of personal data in Singapore.


The Health Insurance Portability and Accountability Act (HIPAA)

HIPAA is a federal statute enacted by the 104th United States Congress that establishes national standards to protect sensitive patient health information. The HIPAA Privacy Rule requires appropriate safeguards to protect the privacy of personal health information and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization.


General Data Protection Regulation (GDPR)

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

This regulation addresses data protection and privacy within the European Union and the European Economic Area. The Regulation also addresses the transfer of data outside the European Union and the European Economic Area.


We’ve worked with various Standards, Guidelines, and Regulations globally. If you have any questions or want to learn more about our services, feel free to contact us and we will be sure to get back to you shortly.
