Knowledge and experience to implement international standards (e.g. ISO 27001, SOC 2, ISO 27701, ISAE, PCI DSS, ISO 13485, ISO 9001) for smart-technology B2B companies.
A platform to set up your Security, Privacy and Quality System with a DIY approach.
Tap into the knowledge and expertise of our Lean Compliance Designers.
Traditional compliance programmes are paper- and resource-heavy: by the time everything is in place, you need to start over again. At Compleye we translate requirements into meaningful, agile data points and make them available in real time, so that risks can be mitigated when they arise.
There is little time to read piles of paper in the middle of operations. The Compleye way makes use of visuals and embeds day-to-day tooling, so that everyone is aligned on process and procedure and responds in a compliant way.
The core of every technology company should be an agile Information Security Management System (ISMS). In the digital era, compliance frameworks need a new focus: start with security first, because only then can you control privacy and deliver quality.
ISO 27001 is the international standard for information security management systems and the licence to operate for every smart-technology company. Compleye Online uses the ISO 27001 elements as the core of all its frameworks.
Up for a challenge? ISO 27701, the privacy extension to ISO 27001, is dominated by documentation, which results in a lot of extra maintenance. Compleye aims for less documentation. Let's validate together whether ISO 27701 is the best fit for your company.
When scaling your business you will benefit from our QMS. Compleye Online provides the basic QMS elements and supports all standards (e.g. SOC 2, ISAE, PCI DSS, ISO 13485, ISO 9001 and customised requirements).
A multitude of factors contribute to obtaining ISO certification: the size of your team, the complexity of your IT infrastructure and the time you are willing to put into it. A call with one of our Lean Compliance Designers can help you identify a realistic timeline.
Simply put, corporate compliance means having internal policies and procedures designed to prevent and detect violations of applicable law, regulations, rules and ethical standards by employees, agents and others. It involves legal risk management and internal controls.
Always remember that it is much easier to become compliant as a small company, and that you do not need a dedicated Security & Privacy person on your team to get there.
Answer: No. Certification is issued by a certification body that is accredited against ISO/IEC 17021-1:2015 by an accreditation body that is a member of the International Accreditation Forum (IAF). Compleye supports you in your challenge by providing tooling (Compleye Online) and services (Sessions).
If you are a start-up or scale-up, your corporate customers will require you to meet some of their own standards. However, you do not need to copy the way they organise their compliance. Compleye's Lean Compliance Approach is focused on digital, data and visuals, to make compliance less complex and more embedded in your organisation.
You just need to negotiate which standards you need to have in place; how you organise them is up to you.
If you are a B2B company with your own developed product, the first requirement will be ISO 27001, the international standard for information security management. It covers topics from business, legal, IT infrastructure, development and the security organisation.
We call it your licence to operate: it ensures that you professionalise your security and embed it in the heart of your organisation.
The external costs of ISO 27001 certification are approximately 8-10 KEuro, depending on the size of your company (up to 10 FTE) and the complexity of your IT infrastructure. This fee is paid to the certification body and covers a three-year certification cycle, which includes annual surveillance audits. In addition, you will need to design and implement your ISO 27001 framework; if you do not have the time or expertise in-house, you will need to hire consultants.
It is important to have C-level involved from the start of your compliance journey: business and development need to know what it takes to set up a good security framework. If you embed compliance into your daily routines, it will take less time to become and stay compliant, and your entire team will understand the importance of security. So when security threats reach your business, everyone knows how to act, and you avoid the future disaster that would harm your business.
That is what we call a strong first line of defence: less time and money need to be spent on compliance work in the second line, which saves you compliance costs.
We understand that when starting a business, cash flow is always tight. However, if you want that big contract after your first POC, you will need to answer some compliance questions.
Compleye Online is an affordable solution for start-ups that gives you all the templates and guidance needed for ISO 27001.
We understand that compliance is a boring topic to most tech and business people; unfortunately, that is the result of leaving it up to corporates. However, you do not have to take over the way corporates organise it.
The lean compliance approach always starts with your value proposition instead of with all the difficult standards, and that makes it a bit more fun.
If you are searching on the internet right now, it probably means that one of your customers has already made some requests. So start by defining what your compliance roadmap could look like.
If you have developed (and maintain) your own application, GDPR is not enough. You will need to start setting up your ISO 27001 framework and ensure that you are building in a cyber-secure environment.
Before hiring your own compliance officer, first buy a Compleye Program and work with one of our Online Compliance Officers. That will save you time and money at the start.
Do you want a full Role description?
ISO 27001 does not require a specific number of policies to be implemented. The policies you need depend on the type, capacity and services of your organisation.
Not necessarily. However, organisations should consider that if vulnerabilities are identified internally using a scanning tool, you still need to establish whether those vulnerabilities can actually be exploited in your environment. A scanner reports potential weaknesses; confirming exploitability requires a penetration test.
Yes, these are mandatory GDPR requirements.