GRC & Privacy Compliance

In every industrial field, there are norms and standards for data security and for protecting customer privacy. These standards may be established at the international, European, or local Israeli level, and they apply to anyone operating in that field. For example, the insurance field requires compliance with international ISO standards, and every company that conducts business with the European Union is required to comply with GDPR regulations.

Compliance with these standards is of utmost importance, both for continuing or even commencing work with additional entities, such as government offices and external companies in Israel or overseas, and for the company’s liability vis-à-vis its customers and suppliers. These standards are intended to protect the organization against penetration and against use of its data should a penetration occur and, as a result, to protect the privacy of customers and suppliers, as well as any other sensitive information on the computer network.

International Standard ISO 27001 relates to information protection management in a company or organization and includes a list of requirements and inspections for the purposes of safeguarding privacy. This Standard applies to organizations, companies and businesses of all types and in all operational scopes. There are expansions to this Standard that also relate to safeguarding medical information.

  • The GDPR Standard is the European Union law, in effect since 2018, that establishes instructions, stipulations and rules of information security intended to safeguard the Union’s citizens. Any organization operating within the Union’s borders is required to assimilate this Standard.
  • The NIST Standard defines how to use, distribute and save sensitive data, including data that is not defined as classified.
  • The SOC1 and SOC2 Standards relate to providing a service and principles of trust.

There are additional data security and privacy protection standards, and it is important to check which Standard your organization is required to comply with.

At Auren, we can clarify which standards you are required to meet. We will examine your systems and advise you on your course of action, for example assimilating the standards into the existing systems or changing the systems so that they are suitable for assimilating the mandatory standards.