Information Security | DWS

DWS New Zealand's information security assurance service offers an in-depth evaluation of an organisation’s current security and privacy risks and control status, coupled with recommendations and a management plan. This empowers both the organisation and its leadership team to make well-informed decisions concerning the acceptable level of information security risk and the related controls.

Based on the New Zealand Information Security Manual (NZISM) requirements and the Protective Security Framework, DWS's skilled resources can deliver end-to-end InfoSec assurance services, from Risk Assessment and Assurance to Certification and Accreditation (C&A).

DWS services are adaptable to various system and project development methodologies, including waterfall, agile, and DevOps practices. We can collaborate with organisations and/or operate independently to facilitate or conduct the mandated C&A activities for their information systems and services.


Risk & Threat Assessment

Identifying and evaluating the information security risks and threats associated with information systems and cloud services is essential for comprehensive audit planning. DWS facilitates business, technology, privacy and validation workshops with subject matter experts from the relevant domains to ensure that risks are fully identified and that the risk assessment is thorough and effective.

 

Risk Management Plan/Remediation Plan

Built upon the Risk Assessment’s findings and in collaboration with the relevant SMEs, this plan outlines risks, designs tailored responses, and aligns mitigation efforts with business objectives and compliance standards. It is an actionable roadmap, translating Risk Assessment insights into concrete steps to minimize risks and vulnerabilities of the in-scope solution(s). DWS's ongoing consulting services help organisations implement the plan and track its progress.


 

 

Control Validation Audit Plan

This document outlines the security controls identified in risk assessments and the approach taken to audit these controls.

 

Control Validation Audit Report

This report provides an assessment of the effectiveness of the implemented security controls against design/NZISM requirements. It also takes input from security testing, vulnerability scanning or any other related security audit reports.


 

Security Certification Report

The security certification report details the findings of the security controls audit. It documents the scope of the security audit, certification dependencies, the overall findings of the audit and a re-assessment of residual risk, taking into account any partially effective or ineffective controls. The security certification report is signed by the Certification Authority and System Owner.

 

Security Accreditation Memo

The security accreditation memo is a formal document which authorises an information system to operate. It specifies the date after which accreditation will expire. The security accreditation memo is signed by the Accreditation Authority.