ISO Consultation

A multinational financial institute with head office in Hong Kong, providing professional financial services worldwide
 

Size
200+ Employees

Service
ISO 27001 Certification Consultation Services

Challenge
Set up an information security management system in an MNC with over 200 employees distributed worldwide, and lead the client's management to participate in the improvement cycle.

As a global financial institute, our client runs several real-time trading systems worldwide at any one time. Our mission was to set up our client's security management framework and raise its information security level, based on the ISO 27001 standard, in order to reduce information security risks. At the same time, we provided technical recommendations, led the client to obtain ISO 27001 certification and, more importantly, established a continual improvement model for its information security.

Solution
Establish the ISMS manual, policies, procedures and guidelines for the ISO 27001 security framework and system structure. Provide technical recommendations for improvement and a corrective action plan.

Through interviews with our client's management team, our audit team designs a set of manuals that form the information security management system.

Onsite checking is also performed for the implementation part of the audit, aiming not only to prepare our client's environment technically, but also to give our client solid experience in facing the certification body's auditors during the actual certification audit.
 
Result
Our client successfully passed all stages of the ISO 27001 certification at the first attempt.

Deliverables:
• Information Security Management System design, setup, implementation and manual.
• Policies, procedures and guidelines relating to the ISO 27001 standard.
• Internal audit and vulnerability assessment.
• Technical recommendations for system and framework improvement.
• Practical experience in facing ISO auditors during the qualification.

Follow-up
With ISO 27001, the aim is always continual improvement. After the certification assessment, the certification body issues a list of suggestions. Practical advice is given to our client, and thereafter our team continues to work with the client to monitor the progress of each suggestion and ensure they are completed prior to the next audit.

Benefit
With the implementation of the ISMS, our client has successfully started an improvement cycle for its information security. With our practical advice on technical implementation and our knowledge of industry standards, our client was able to achieve a high standard of information security within its field. With our help in obtaining ISO 27001 certification, our client's business grew with confidence.

Further reading

New Critical Infrastructure Cybersecurity Law

Who Is Involved in Hong Kong's New Critical Infrastructure Cybersecurity Law?

Since 1 January 2026, the Protection of Critical Infrastructures (Computer Systems) Ordinance (Cap. 653) has been in force. The law establishes a comprehensive framework to protect essential services from cyber threats.

Under Cap. 653, designated Critical Infrastructure (CI) Operators are organizations whose computer systems are essential to maintaining critical societal or economic activities in Hong Kong.

Sectors defined as critical infrastructure include:
1. Energy
2. Information Technology
3. Banking & Financial Services
4. Air Transport
5. Land Transport
6. Maritime Transport
7. Healthcare Services
8. Telecommunications & Broadcasting

In addition, any other infrastructure whose damage, loss of functionality or data leakage may hinder or otherwise substantially affect the maintenance of critical societal or economic activities in Hong Kong may also fall within scope.

These operators are now legally required to establish cybersecurity governance frameworks, from maintaining dedicated computer-system security management units to reporting incidents, conducting periodic risk assessments and audits, and so on.

Besides the CI Operator, there are some other key roles under Cap. 653:
• Computer-system Security Management Unit: responsible for managing and safeguarding critical computer systems and ensuring compliance with the Ordinance.
• Supervisor of the Security Management Unit: an appointed employee with sufficient cybersecurity expertise, responsible for supervising the unit and for notifying the regulating authority of the appointment.

Cap. 653 marks a significant shift from best practice to legal obligation. If your organization operates within a potentially designated sector, early preparation is essential.

The Resurgence of Pokémon

The Resurgence of Pokémon: How OutSystems Enables Quick and Reliable Opportunity Capture

The Resurgence of Pokémon and TCG's New Rise

Since launching Pokémon Red and Pokémon Green in 1996, the Pokémon series has been a global favorite. Recently, the craze has resurged, driven by the Trading Card Game (TCG)'s explosive growth. Data shows TCG sales soaring, with billions of players worldwide, especially in Hong Kong and Asia, buzzing about new packs and online battles. This phenomenon offers vast business opportunities; companies must act swiftly to engage fans in this fast-paced market.

Case Insight: TPCi's Digital Event Locator

Facing fan anticipation before Pokémon Day (February 27), The Pokémon Company International (TPCi) needed a Digital Event Locator app to link players with global events. Traditional development couldn't keep up with the surge. OutSystems, a low-code platform for rapid app building, stepped in, showcasing its speed and reliability in this project.

OutSystems' Speed Advantages

TPCi adapted an existing location tool for the new Pokémon Day API under tight deadlines. Using OutSystems, the team and partner valantic met security and performance needs in 10 days, deploying in under a month. The app supports 7 languages, works on desktops, tablets, and mobiles, and includes a backend for easy event updates. Unlike months-long traditional methods, this low-code approach enabled quick iteration, connecting 14,000 players to events and raising attendance by 70%, capitalizing on the TCG wave.

OutSystems' Reliability Advantages

The app handles global traffic and multilingual demands reliably. Load tests simulated 300,000 users in 12 minutes without crashes. Its UX emphasizes scalability and reusability, and it can be embedded in marketing pages for future use. The backend ensures real-time data accuracy, boosting satisfaction and efficiency and establishing TPCi as a digital leader in TCG's rise.

Conclusion: Harness OutSystems for Business Agility

OutSystems' speed and reliability empower enterprises to navigate dynamic markets and drive digital transformation. In fast-paced environments like Hong Kong, it enables rapid app development for customer engagement and operational efficiency. This TPCi case exemplifies the power of low-code platforms, delivering scalable solutions that position businesses as innovation leaders.

Principles for Protecting Privacy

7 Key Data Protection Principles for Protecting Privacy

The EU General Data Protection Regulation (GDPR) came into force on 25 May 2018 and is one of the world's strictest privacy laws. It aims to standardize data protection rules across the digital single market, enhance individual control over personal information, and adapt governance to technological developments and digitalization.

The GDPR introduces 7 key data protection principles to ensure organizations handle data legally, securely, and with full transparency and responsibility:
• Lawfulness, Fairness, Transparency: Personal data must be processed lawfully, fairly and in a transparent manner in relation to the data subject.
• Purpose Limitation: Personal data can only be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
• Data Minimisation: Processing should be adequate, relevant and limited to what is necessary in relation to the purposes for which the data are processed.
• Accuracy: Personal data must be accurate and, where necessary, kept up to date, with reasonable steps taken to erase or rectify inaccuracies.
• Storage Limitation: Personal data should be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
• Integrity and Confidentiality: Personal data must be processed in a manner that ensures security of the personal data, using appropriate technical or organisational measures.
• Accountability: The controller shall be responsible for, and be able to demonstrate compliance with, the principles.

The GDPR extends its reach beyond the EU by explicitly requiring compliance from organizations established outside the EU in certain situations. Given the variety of business and transaction models, it is essential for businesses in Hong Kong to assess whether the GDPR applies to them and to stay informed about ongoing regulatory developments.

Privacy compliance is no longer optional; it is a business imperative.