Help AG, the information security services and solutions provider, has furthered its position as a provider of Managed Security Services (MSS) in the Middle East by achieving the Information Security Management System ISO/IEC 27001:2013 certification. This confirms that Help AG has implemented over 110 stringent security controls relating to Physical & Environmental Security, Technical Security, Personnel Security, Supplier Relations, Operations Security, Business Continuity, Incident Management, and Compliance.
The audit and certification were carried out by BSI Group following a stringent internal audit by Help AG’s own Strategic Security Consulting division. “We understand that there are some reservations that regional businesses have about trusting security controls to service providers. Our ISO27001 certification enables us to guarantee the right level of controls exists and is audited by an external agency at regular intervals,” said Stephan Berner, CEO at Help AG. “This together with initiatives such as delivering all services locally, offering an on-premise deployment option, fully recording all access, and strictly adhering to all local laws has helped us address customers’ concerns and challenges regarding management and access to sensitive data by our MSS team.”
Preparation for the certification began in parallel with the service launch last year. For this, Help AG carried out risk assessment, drafted required policies & procedures, and ensured the required security controls were well implemented. This was followed by intensive internal audits and assessments. The decision to certify its Managed Security Services by an external party post-service launch was made to ascertain all the security controls, policies and procedures were in place as originally planned. To achieve the certification, Help AG has adopted clauses as per ISO27001:2013 10 and implemented security controls for each of the applicable controls as documented under ISO27002:2013.
Help AG’s MSS division offers customers 24/7 Monitoring, Compliance, Forensic Analysis, Incident Handling & Remediation, Log Management, Operational Event Reporting, and Security Platform Management. These are delivered as subscription-based services that can be easily integrated with the customer’s existing security infrastructure, whether it is on-premises or cloud based.
In addition to the ISO/IEC 27001:2013 certification, Help AG’s MSS division differentiates itself by being the only provider that fully complies with the UAE government’s regulatory frameworks, delivering all services 100% locally and in accordance with local laws, and maintaining technical controls that are in line with industry’s best practices including encryption, data leakage prevention, privileged access management, and end session recording for all access into MSS components.
Commenting on the benefits that MSS offers to regional businesses, Berner said, “Even large enterprises in the region lack the financial and human resources to have specialised teams of IT security experts. This leaves them with little time to continuously monitor their infrastructure for cyber threats and makes incident response a tremendous strain on already overworked employees. Our MSS is an affordable way for businesses to gain ready access to the very best security experts to significantly enhance their security posture.”