Risk and Compliance

ISO/IEC 27001:2013 is a certifiable risk based international standard for setting requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). By establishing an effective and mature information security management system, organizations can ensure the preservation of the confidentiality, integrity, and availability of information assets.

ISO 22301:2019 is a certifiable international standard for setting requirements for establishing, implementing, maintaining and continually improving a Business Continuity Management System (BCMS). By establishing an effective and mature business continuity management system, organizations can ensure minimum disruption of services during incidents or disasters.

ISR V2 is a cyber security standard applicable to Dubai Government Entities. The standard shares a lot of similarities with ISO/IEC 27002:2013 in terms of cyber security controls. CyberArrow provides full implementation and audits of ISR V2.

The Supreme Council for National Security National Emergency Crisis and Disasters Management Authority (NCEMA) AE/SCNS/NCEMA 7000:2015 standard mandates establishing, implementing, maintaining and continually improving a Business Continuity Management System (BCMS) within UAE entities. By establishing an effective business continuity management system, organizations can ensure minimum disruption of services during incidents or disasters while complying with national regulations.

National Electronic Security Authority (NESA) UAE information assurance standards provide requirements to implement information security controls to ensure protection of information assets and supporting systems across all entities in the UAE. By complying with UAE IA standards, organizations can ensure the protection of information assets.

Gap Analysis eases the implementation of any standard as it provides a holistic view of current compliance status and the maturity level of the organization in relation to the standard. CyberArrow’s Gap Analysis approach is based on multiple information sources such as document review, information collection, site visits, observations, and assessments of current controls.

Only data and information that is appropriately classified and labeled can be adequately protected. CyberArrow follows a structured approach for classifying data based on the environmental scan of your organization. By understanding the organizational environment we suggest different data classification schemes in order to select the most suitable scheme for your organization. Our data classification approach complies with standards and best practices.