SIC ASSESSMENT

The endpoint security framework in the SIC system defines the requirements for testing compliance with the security measures defined in the framework. All SIC users must annually certify compliance with the mandatory controls in the form of a “self-attestation”. SIC5 (instant payment) has strong implications for architecture and processes and requires early, adequate preparation.

We will help you become SIC5-ready

This can either be an internal control body or a qualified external service provider such as InfoGuard. Our SIC5 assessment provides you with a comprehensive overview of your current situation as well as recommendations for measures to meet SIC5 compliance. The following is included in the SIC framework assessment:

Kickoff & planning

• Layout of the relevant processes, directives, systems, etc.
• Identification of the critical systems
• Definition of the project organisation, roles and framework conditions
• Definition of test area (scope)
• Preparation of interview schedule
• Determination of the current status

Inspection and review of existing documents

• Inspection and review of existing documents
• Interviews and workshops with employees
• Verification of configurations/settings (risk-based sampling)

Identification of deviations from SIC5 and their evaluation in terms of criticality

• Clarification of open questions
• Reconciliation of the results
• Development of a detailed catalogue of measures
• Report finalisation and delivery

Our experts meet the formal requirements defined by the SNB and can advise you on cyber-security topics, support you as (technical) service providers and also carry out the annually required compliance assessments.

Interested? Then fill out the form on the right and we will contact you shortly.

*The auditor must have demonstrable expertise in the field of information security.
Individuals involved in the audit should have at least one of the following professional certifications: PCI QSA, CISSP, CISA, CISM, ISO 27001 Lead Auditor, SANS GIAC.