Do the risks of cybercrime keep you awake at night? Do you respect the privacy of your customers and employees?
Every day, hackers find new methods and targets. There are new reports almost daily about successful cyberattacks, leaked personal data and new vulnerabilities. One hack may be sufficient to cause serious damage to the reputation of your business and the financial repercussions are enormous.
GDPR creates a new framework for dealing with personal data, taking account of recent social changes and technical innovations such as cloud computing, globalization and the popularity of social networks. By law, digital personal data must be sufficiently protected. Those who respect the right to privacy increase commercial confidence. Ordina security experts help you out of the impasse.
To manage your information security risks properly, you must tackle this in several fields: technology, organization and people. Changes or modifications in one field have an impact on the other fields. Obtaining a sharp picture of your various information security issues and risks is extremely important but at the same time extraordinarily difficult. Managing this question is a crucial part of our service. At Ordina, we have developed a secure by design method that guarantees the delivery of secure solutions that ensure the security and privacy of your organization. Our experts are happy to help you establish your daily risk management based on a well-considered action plan.
Ordina security consultants study the status of your information security management over a few days. Based on the official and de facto industrial standards (ISO 27001, NIST Cyber Security Framework, COBIT, SANS Top 20 Controls) we detect the inefficiencies in the security of your data, people, processes, applications and infrastructure. You receive a detailed report of your risks and the possible impact. Based on these insights and our expertise we provide you with proposals for improvement and a plan of action. Our security and risk expert takes account of the right balance between security and flexibility/productivity/financial aspects in this. You know how you have to organize your risks and what you need to work on first.
Application and infrastructure Healthcheck
The Ordina security expert maps the systems in the digital chain and conducts penetration tests and ethical hacks to determine the vulnerabilities. He/she investigates whether people can use these vulnerabilities to gain access to your systems. You receive a report with a root-cause analysis and specific recommendations to solve weak spots and to secure your organization adequately against hackers. You have a clear picture of your risks and how you can solve or avoid these. You also receive a no-obligation list of proposals for improving your security.
Both the current privacy legislation and the new, stricter GDPR regulation have an impact on how Belgian companies must deal with digital personal data. There are also countless questions: Have you already identified the personal data of your staff, customers, suppliers? If so, did you follow the correct procedure? And if not, do you know what the correct procedure is? What data is “personal”? Can you show where data has been stored for a particular person? The privacy audit maps your risks and any shortcomings. You will receive a proposal for improvement.
Privacy and software development
Developing new software applications and making web and mobile applications and business software available ensures that your organization capitalizes on market opportunities with new products and services. DTAP (Development, Testing, Acceptance and Production) is a method that refers to the various phases required during software development. The data files used in this process will have to be protected in the context of privacy. Did you know that software developers and testers must not be permitted to see any privacy-sensitive data? Your business must take appropriate technical and organizational measures to implement data protection principles in an effective way.
In the General Data Protection Regulation, the concept of pseudonymized data is introduced as the preferred solution for the use of personal data outside the production environment. Pseudonymization is a procedure by which identifiable data is replaced, through a particular algorithm, with encrypted data: the pseudonym. The algorithm can always set the same pseudonym for a person, so that information about that person can be combined, including from different sources. Anonymization, by contrast, is irreversible processing in which personal data is replaced by anonymous data. Pseudonymization is reversible and as such still concerns personal data that falls under the GDPR.
Pseudonymization does decrease the chance of misuse of the data in the event of a data leak, because anyone who obtains the data has to know how the algorithm works. Ordina has the right expertise and the solution you need if you want to make your IT landscape compliant with the regulations regarding non-production systems. Ordina Data Migration Street (ODMS) is a tool created by Ordina for data migrations. ODMS is independent of the source technology so that it can be used on all databases. ODMS 3.0 is a future-proof solution that is ISO 27001 certified and is offered to various customers as a service. Ordina makes continuous improvements so that compatibility with the latest standards is guaranteed. Ordina Data Migration Street is supplemented with algorithms for homomorphic encryption developed by COSIC. As both tools used the same algorithms, referential integrity can be guaranteed. The cryptographic library of the COSIC research group contained encryption, hashing and MAC algorithms and FPE (format preserving encryption) and randomization tools.
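The property described above, that one person always receives the same pseudonym so that records from different sources can still be combined, shown as an added example (not code from Ordina, ODMS or the COSIC library). It assumes a keyed HMAC-SHA256 pseudonym with a re-identification table that stays with the key holder; the key, field names and records are constructed.

```python
import hashlib
import hmac


def pseudonym(key: bytes, identifier: str) -> str:
    """Keyed, deterministic pseudonym: same key + same identifier -> same token."""
    normalized = identifier.strip().lower().encode("utf-8")
    return hmac.new(key, normalized, hashlib.sha256).hexdigest()[:16]


def pseudonymize(rows, id_field, key, lookup):
    """Replace id_field with its pseudonym and record the reverse mapping in
    lookup, which stays in production with the key holder (assumption)."""
    out = []
    for row in rows:
        token = pseudonym(key, row[id_field])
        lookup[token] = row[id_field].strip().lower()
        out.append({**row, id_field: token})
    return out


def join_on(left, right, field):
    """Join two pseudonymized data sets on the shared pseudonym."""
    index = {r[field]: r for r in right}
    return [{**a, **index[a[field]]} for a in left if a[field] in index]


# Constructed sample data: two sources describing the same two people.
KEY = b"constructed-demo-key-not-for-production"
CRM = [{"email": "An.Peeters@example.com", "segment": "retail"},
       {"email": "jan.janssens@example.com", "segment": "business"}]
BILLING = [{"email": "an.peeters@example.com ", "balance": 120},
           {"email": "jan.janssens@example.com", "balance": 0}]


def demo():
    lookup = {}  # re-identification table, never shipped to test systems
    crm = pseudonymize(CRM, "email", KEY, lookup)
    billing = pseudonymize(BILLING, "email", KEY, lookup)
    joined = join_on(crm, billing, "email")  # referential integrity preserved
    return crm, billing, joined, lookup


if __name__ == "__main__":
    for row in demo()[2]:
        print(row)
```

Because the mapping can be reversed by whoever holds the key or the lookup table, the output is still personal data; both must be kept out of the non-production environment.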
Deadline 25 May 2018. The clock is ticking … It is important that you take measures in good time to comply with the new rules. Do you know which personal data you process, on what basis they are processed, where this information is located, who uses it or who has access to it? What protection have you provided or what protection have your suppliers provided (e.g. cloud supplier, accountant, social secretariat, marketing or communication agency, IT suppliers, call centers etc.)? What steps must you take in relation to the training of your personnel, improvements to the IT and application environment, clauses in supplier contracts, etc. to be compliant with GDPR?
Why choose Ordina?
Security is in our DNA. Ordina is a secure by design company: every member of staff has completed the required security awareness sessions and/or obtained certifications, and the Ordina group is also ISO 27001 certified. You will be assisted by a dedicated security team with in-depth knowledge of international, European and local privacy legislation. You will benefit from the strength of a local IT partner that communicates clearly and is used to the Belgian way of thinking and working. Our many convincing reference customers will show you that our experts are no newcomers to this work.