ISO 27001

ISO 27001 is the International Standards Organization specification governing information security management. Information security has broad implications for company operations and interactions with customers. Internal data and data submitted by customers and suppliers must be handled securely. Apart from internal benefits from comprehensive information security policies, your company needs ISO 27001 certification to qualify for work that involves the handling of sensitive data.

Promiron helps its clients in implementing Information Security Management System, ISMS, by offering the following services in a structured and time bound manner:
  • GAP analysis (Existing position vs. ISO 27001 Guidelines)
  • Risk Assessment
  • Creation and implementation of ISMS
ISO 27001 Compliance Our services involve implementation and testing the operating effectiveness of the existing controls. This way we can make sure the proper implementation of the plans is in action and then the testing is done to make sure that the there is a better effective implementation of the actions for the benefit and the holistic growth of the company.

Send us an enquiry for more information. Top

Information Risk Management

Risks are often camouflaged in the process of the management of an organization. They lurk around and remain dormant in the organizations, and often pose a threat to the success of Organizations mission and objectives. Often understated and not known by many, these risks may prove to be lethal to the company in the time to come. Therefore, we at Promiron are all up to fishing around and finding these risks, then analyzing and removing them off, to give you the best services, sans risks!

Our services would
  • Understand and analyze the existing environment and its setup.
  • Perform Gap analysis with standards such as ISO 27001, SANS, NIST etc. / other industry benchmarks like CIS, CERT etc.
  • Analyze the likelihood of a threat materializing against the existing vulnerabilities, and the resulting impact from a successful compromise.
  • Assess the adequacy and effectiveness of the existing implemented controls and make recommendations for improving the same.
  • Make recommendations to improve and strengthen IS controls.
Send us an enquiry for more information. Top


With the increase in the volume of online financial transactions, there is an urgent need to secure card holder data. Every customer, before offering their bankcard at point of sale, on the phone, over the internet, needs an assurance that their credit or the debit card information is safe. Therefore, PCI DSS compliance is required by all entities that store, process, or transmit Cardholder data, including financial institutions, merchants and service providers.

The consultants and experts at Promiron have the expertise of conducting PCI DSS assessments for the organizations handling card holder data.

Send us an enquiry for more information. Top


SSAE 16 or SOC 1 is an enhancement to the current standard for Reporting on Controls at a Service Organization, the SAS70.Statement on Standards for Attestation Engagements (SSAE) No. 16, is an attestation standard issued by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA).

A Service Organization Control report (SOC) is an extremely useful description of a company’s controls, processes and procedures. This report provides a User Organization a detailed description of the Service Organization's controls, and an independent assessment of whether the controls were placed in operation, suitably designed, and operating effectively (in the case of a Type II report).

Our advisors can assist with all aspects of your SOC (including SOC 1, SOC 2, SOC 3) reporting needs, and ensure that your organization is compliant to the regulatory requirements.

Send us an enquiry for more information. Top


Gone are the days when important data used to be stored in files and was then stored away stacked in the lockers! Now is the time for the storage of the data in a more compact and user friendly, easy to use form. However, it introduces a serious concern to the data security which could bother professionals and business houses alike.

Various laws and regulations are being developed by the Governments of various countries to safeguard and maintain the confidentiality of sensitive information like Personally Identifiable Information (PII) for EU Data Protection Directive for Europe and Data Protection Act of UK and Patients Health Information (PHI) for HIPAA (Health Insurance Portability and Accountability Act). These laws and regulations enforce severe penalties for not safeguarding the data.

The consultants and experts at Promiron ensure that our customers comply with all the industry and regulatory requirements.

Send us an enquiry for more information.