McLean, VA, United States (PRWEB) December 12, 2011
ControlCase, a leading supplier of IT Governance, Risk and Compliance (GRC) software, Compliance as a Service (CAAS) and Certifications, has formed an independent and standalone division to perform ISO 27001 certifications.
ControlCase was recently awarded the ISO accreditation by the Dutch Accreditation Council (RvA), http://www.rva.nl. With this accreditation, ControlCase can now offer clients a compelling and more cost-effective offering that combines expertise in PCI Data Security Standard (PCI DSS) compliance and ISO 27001 certification.
The independent team of experts in the newly formed ISO division can now offer services for Training, Initial Assessments, Certification Audits and Surveillance Audits for Certifications as per ISO 27001.
ControlCase complements these certification services with its pioneering Compliance as a Service (CaaS), enabling clients to manage their compliance obligations with fewer internal resources.
“By having knowledge and experience of both PCI DSS and ISO regulations, ControlCase is now able to offer existing and new clients even greater value as similarities exist between the two standards,” said Suresh Dadlani, COO of ControlCase, the driving force behind the accreditation. “For instance, both require audits and scans of systems to demonstrate compliance and both put an emphasis on physical security controls and access controls. Understandably each standard has its strengths in terms of security management, but there is undoubtedly an overlap between the two which means that if a client needs to be compliant in both, then ControlCase is in a position to provide them with extensive time and cost savings.”
Within the standards industry, PCI DSS and the ISO 27000 series are often compared. However, the scope of the ISO security standards is far wider than that of PCI DSS. PCI DSS applies specifically to the personnel, processes and technology used to transmit, process and store cardholder data, whereas the ISO 27000 series applies to any company that needs to implement a security framework to protect a broad range of personal and business-sensitive data.
In addition to the ISO 27001/2 accreditation, ControlCase's accreditations and authorizations include:
- Qualified Security Assessor Company (QSAC) as certified by PCI Security Standards Council;
- Approved Scanning Vendor (ASV) as certified by PCI Security Standards Council;
- Application Assessor (PA-DSS) as certified by the PCI Security Standards Council;
- Certified product licensee and assessor for the Shared Assessment Program, formerly Financial Institutions Shared Assessments Program (FISAP) by banking institution forum BITS;
- Authorized to provide Experian data security EI3PA assessments; and
- Authorized to certify companies to the TG3 standard.
Suresh Dadlani concluded: “PCI DSS is mandated, whereas ISO is voluntary. However, businesses, especially financial institutions, are becoming more selective about whom they partner and work with, and in some cases being ISO compliant can be the difference between winning and losing contracts. Therefore, an ISO certification will not only provide an organization with greater control of its security, but it will also open doors to business opportunities and enhance customer confidence.”
ControlCase is a global provider of IT Governance, Risk and Compliance (GRC) software, Compliance as a Service (CAAS) and Certifications. Its offerings enable organizations to effectively manage their IT Governance, Risk Management and Compliance (IT GRC) efforts. Headquartered in the United States, with offices in Europe, India and the Middle East, ControlCase provides compliance related software and services for companies and government agencies that require a consistent and repeatable means of complying with multiple regulations.
For more information, go to http://www.controlcase.com.