Serenetis Consulting

Welcome to Serenetis Consulting

Security Governance, Risk and Compliance

Serenetis Consulting provides B2B consulting services on Security Governance, Risk and Compliance, with the overall objective to improve organisations' security resilience. Whether an organisation has little experience in protecting their information and services, or are experienced and need enhancement, we can help in setting up or improving the processes and best security practice that meet the business objectives.

As an independent consulting practice, we do not sell IT products or technologies. Therefore our advice is always vendor independent and tailored to the best interest of our clients.

Typical consulting activities that we provide are indicated below.

Consulting Services

Virtual CISO: provide the organisation with a security expert who will initiate, develop and maintain the security program, policy and procedures that are best suited to the client's business strategy.
Risk analysis: identify, assess security risks that impact the organisation information system, provide an action plan to mitigate and manage these risks.
GDPR & Privacy: advise the organisations on how to comply with the GDPR and the security implications for their projects (security by design, subjects rights, etc.), carry out DPIA.
PCI DSS compliance: we guide and advise the organisation through the best practice that are needed to manage and limit the scope of PCI DSS, to implement the right security controls and set up all processes and documentation. We do liaise with your PCI DSS auditor to facilitate the audit.
Security Assurance: we work with you to implement (or improve) the security activities that need to take place throughout your projects lifecycle. From design, through build, run and decommission phases, we define and help implement the adequate security controls that need to be addressed.
Incident Management: provide the methodology to plan, test, implement and react when a cybersecurity event occurs.

Audits & Assessments

Internal audits and assessments: carry out independent audits on the organisation’s projects, business divisions, information system.
External audits: carry out assessments of contractors, partners and their compliance to the security clauses of the contract or other security standards.
Audit methodology: all audits are prepared with the client in order to understand the context and objectives. An audit plan is defined, all findings are documented and justified with evidence. Depending on the organisation needs, we will base the audit on the client's own referential (security policy, third-party contract, etc.) or we will recommend the referential that is best suited (referential such as ISO 27001, NIST Cybersecurity Framework, CIS Controls, PCI DSS).

For clients who are looking to start or improve their security program but are unsure where to start, we will carry out a review of their current Security practice and will provide them with a detailed Action Plan.

Our expertise covers the typical security measures that are found in security standards and frameworks: