Help AG, a security services and solutions provider in the Middle East, has furthered its position as a leading provider of managed security services in the Middle East by achieving Information Security Management System ISO IEC 27001:2013 certification. This confirms that Help AG has implemented over 110 stringent security controls relating to Physical and Environmental Security, Technical Security, Personnel Security, Supplier Relations, Operations Security, Business Continuity, Incident Management, and Compliance.
The audit and certification were carried out by BSI Group following a stringent internal audit by Help AG’s own Strategic Security Consulting division.
“We understand that there are some reservations that regional businesses have about trusting security controls to service providers. Our ISO27001 certification enables us to guarantee the right level of controls exists and is audited by an external agency at regular intervals,” said Stephan Berner, CEO at Help AG. “This together with initiatives such as delivering all services locally, offering an on-premise deployment option, fully recording all access, and strictly adhering to all local laws has helped us address customer concerns and challenges regarding management and access to sensitive data by our managed security services team.”
Preparation for the certification began in parallel with the service launch last year. For this, Help AG carried out risk assessment, drafted required policies and procedures, and ensured the required security controls were well implemented. This was followed by intensive internal audits and assessments. The decision to certify its managed security services by an external party post-service launch was made to ascertain all the security controls, policies and procedures were in place as originally planned.
To achieve the certification, Help AG has adopted clauses as per ISO27001:2013 10 and implemented security controls for each of the applicable controls as documented under ISO27002:2013.
As per aggregated statistics, Middle East and Africa contributes amongst the lowest to annual ISO 27001 certifications.
Globally, the number of ISO 27001 certifications has grown 20% in 2015 YoY.
Help AG’s managed security services division offers customers 24/7 Monitoring, Compliance, Forensic Analysis, Incident Handling and Remediation, Log Management, Operational Event Reporting, and Security Platform Management. These are delivered as subscription-based services that can be easily integrated with the customer’s existing security infrastructure, whether it is on-premises or cloud based.
In addition to the ISO/IEC 27001:2013 certification, Help AG’s managed security services division differentiates itself by being a provider that complies with the UAE government’s regulatory frameworks, delivering all services 100% locally and in accordance with local laws. While maintaining technical controls that are in line with industry’s best practices including encryption, data leakage prevention, privileged access management, end session recording for access into managed security services components.
Commenting on the benefits that managed security services offers to regional businesses, Berner said, “Even large enterprises in the region lack the financial and human resources to have specialised teams of IT security experts. This leaves them with little time to continuously monitor their infrastructure for cyber threats and makes incident response a tremendous strain on already overworked employees. Our managed security services is an affordable way for businesses to gain ready access to the very best security experts to significantly enhance their security posture.”