Information Security Governance

At Sothis we help organisations to define an information security strategy in line with their business aims and goals. In doing so, we ensure:

  • Identification and reduction of risk exposure of business practices to an acceptable level.
  • Compliance with regulatory requirements and implementation of internationally recognised good practices.
  • Auditing and checks of current compliance with the security measures in place.

For that reason, our Information Security Governance department offers:

Development of a Security Master Plan

The Security Master Plan (SMP) analyses the organisation's current position and gives senior management a road map to an adequate level of security, defining and prioritising a series of initiatives based on the risk analysis findings and the organisation's needs.

In conjunction with the SMP, the Information Security Governance Model can address the following initiatives:

  • Implementation of an Information Security Management System based on ISO 27001, with certification support.
  • Development of an ICT Business Continuity Plan based on ISO 22301.
  • Regulatory and legal compliance:
    • National Security Scheme (ENS) adaptation for both public and private sector organisations.
    • General Data Protection Regulation (GDPR) adaptation.
    • Critical Infrastructure Protection Law adaptation.
    • PCI DSS v3.2 implementation support.
  • Cybersecurity culture.

ISG as a Service

At Sothis we offer companies the option of outsourcing the roles of Chief Information Security Officer (CISO) and Data Protection Officer (DPO, a GDPR requirement) by assigning the work to a team of technical and legal specialists in information security.

Lastly, we can adapt ISG to the needs of each organisation with tailor-made solutions, for example:

  • Risk analysis
  • Security auditing in accordance with ISO 27002