REGULATORY COMPLIANCE READINESS CONSULTING
EXECUTIVE SUMMARY
Various regulations such as EU GDPR, PCI-DSS, SOX, HIPAA and SSAE are being applied to your company or organization at the government or industry level.
The RURA regulation, which is enforced strongly at the government level, applies to companies and institutions operating public facilities in Rwanda. Under Law Nº 09/2013 of 01/03/2013, which governs RURA, it is mandatory for the following seven business areas:
1. Telecommunications, information technology, broadcasting and converging electronic technologies including the internet and any other audiovisual information and communication technology;
2. Postal services;
3. Renewable and non-renewable energy, industrial gases, pipelines and storage facilities;
4. Water;
5. Sanitation;
6. Transport of persons and goods; and
7. Other public utilities, if deemed necessary.
Like most government-level regulations, the RURA regulation carries strong penalties, and a large penalty will be imposed if it is violated, so thorough advance preparation is required.
In addition, RURA's information security regulations consist of detailed requirements that encompass not only technical security but also administrative security and physical security. You therefore have to organize and prepare an enterprise-wide T/F team.
Our consultants, who have a thorough understanding of RURA regulations and many years of experience in information security across various cases, can resolve these difficulties for you.
Once this project is completed, you will achieve the following goals:
ㆍA good understanding of the information security experts for Audit Results
ㆍSufficient corrective action preparation and virtual simulation for Audit Results
ㆍImplementing security document sets for managerial security required by Regulation
ㆍBuilding cost effective security system for technological security required by Regulation
ㆍExhaustive advance preparation for all the detailed requirements of the Regulations
SERVICE STRATEGY
A. Professional Consultant T/F Team Composition
- Consists of consultants with years of experience dealing with various regulations in information security
- Consists of consultants who have a perfect understanding of, and experience with, the regulation
- Consists of experts with many years in the field of technical security and experts in management and operational security
B. Rapid and Systematic Service Provision Using a Pre-prepared Solution Portfolio
- Utilizes pre-prepared standard templates and corrective actions for sectoral requirements such as Telecom, Broadcasting, and Information Technology
- Utilizes an already prepared information security standard document set, including appropriate information security policies, guidelines and procedures
- Uses a cost-effective security solution portfolio already secured for the technical security requirements of the regulations
METHODOLOGY
The consulting methodology consists of 4 phases, from Understanding to Certification Support. Depending on the scope of the project, the tasks and steps of each phase differ slightly.
※ Deliverables
Corrective Action Plan, Phased Regulatory Compliance Virtual Simulation, Establish Security System Required by the Regulation (optional), Information Security Policies and Procedures required by Regulation, Information Security Education and Training required by Regulation
PROJECT CASE-TELECOM
Simulation of Compliance Status for RURA’s Telecom Network Security Requirements (15 Articles, 71 Requirements)
RURA regulatory requirements are largely divided into three categories, and service portfolios are provided according to requirements.