Audit Consulting and Compliance Services

This service involves conducting and reporting vulnerability scans over the internet in compliance with the Payment Card Industry Data Security Standard (PCI DSS - Requirement 11.2.2) on a quarterly basis. Cyberwise is the only Turkish Approved Scanning Vendor (ASV) authorized by the PCI Council.

This consultancy service, provided by Cyberwise QSA experts, involves reviewing and completing the Self-Assessment Questionnaire (SAQ) required to be filled out annually by Level 3 and Level 4 merchant establishments for PCI DSS compliance. The review includes customer systems, network infrastructure, relevant data security policies, and documentation, which are then shared with the banks.

This consultancy service is conducted by Cyberwise QSA experts and is aimed at Level 1 and Level 2 merchant establishments and Service Providers for PCI DSS compliance. It involves conducting on-site analysis at customer facilities prior to the audit service to identify any deviations from the audit objectives and to determine the roadmap for achieving full compliance.

This on-site audit service, conducted by Cyberwise QSA experts, is provided to Level 1 and Level 2 merchant establishments and Service Providers for PCI DSS compliance. At the end of the audit, a globally recognized Attestation of Compliance (AOC) document and certificate are delivered to the organizations.

This consulting service involves analyzing the recommendations resulting from the audit conducted by QSA experts for PCI DSS compliance. It includes evaluating the solutions implemented by the organization in response to the findings and ensuring their compliance with PCI DSS requirements. If necessary, the service also provides guidance on the procedures required for achieving compliance.

This consultancy service is provided to 3DS Service Providers and is focused on the 3DS standard, which is designed to improve online transaction performance and enhance the security of electronic commerce to accelerate its growth. It involves conducting an analysis by Cyberwise 3DS experts at customer facilities prior to the on-site 3DS audit to identify any deviations from the audit objectives and determine the roadmap for achieving full compliance.

This on-site audit service, conducted by Cyberwise 3DS experts, is provided to 3DS Service Providers at customer facilities. Cyberwise is the first and only Turkish company to offer this service in Turkey.

The systems covered under SWIFT are analyzed based on CSP (Customer Security Programme) security controls. This analysis includes reviewing relevant policies and procedures, conducting individual interviews with relevant employees, and verifying the implementation of CSP controls in the systems. The findings resulting from the variance analysis will be documented in a report.

This process involves collaborating with the organization to design and plan the measures recommended by Cyberwise consultants for implementing the activities outlined in the variance analysis and integrating them into the organization's existing processes. The consultancy will provide guidance on the projects required for SWIFT CSP compliance throughout the process.

Starting from the second quarter of 2021, it is mandatory for the SWIFT CSP program to be audited by internal or external auditors. Self-attestation performed by organizations will no longer be accepted by SWIFT from that date onwards. A formal audit report, evaluating the organization's current status based on the mandatory and advisory control items, and an audit completion letter will be presented to the organization.

This consultancy service involves reviewing the software development life cycle (SDLC) processes within the organization, designing them if necessary, and incorporating security processes into the lifecycle. The service aims to provide the necessary expertise for integrating security processes into the SDLC.

With extensive expertise in data security and considering the legal aspects, Cyberwise offers end-to-end solutions for ensuring compliance with the General Data Protection Regulation (GDPR) by implementing the most appropriate technical measures.

Cyber Incident Response Exercises involve simulating an incident to enhance the understanding of existing cybersecurity processes and how information dissemination, alerting, and communication processes work during an incident. A real-life cyber attack scenario is simulated specifically for the organization. The exercise can be conducted as a half-day tabletop exercise or remotely in a live exercise format.

These services focus on ensuring compliance with regulations specific to energy facilities. The service can be provided as a comprehensive offering or on a topic-by-topic basis. It includes services related to asset-risk management, ISO 27001 compliance, security analysis, and compliance testing.

ISO 27019 is a reference standard and not a certifiable standard. Under this service, consultancy is provided to align industrial facilities with the best practice examples defined within the scope of the ISO 27019 standard.

This service involves conducting a gap analysis and providing compliance consultancy tailored to the targeted security level for industrial facilities or products.

These compliance services are offered for critical infrastructure based on the "Information and Communication Security Guide" issued by the Digital Transformation Office of the Presidency of Turkey. The services include gap analysis and compliance assessment.