GDPR creates a new framework for dealing with personal data, taking account of recent social changes and technical innovations such as cloud computing, globalization and the popularity of social networks. By law, digital personal data must be sufficiently protected. Those who respect the right to privacy increase commercial confidence. Ordina security experts help you out of the impasse …
To manage your information security risks properly, you must tackle this in several fields: your data, people and processes, applications and infrastructure. Changes or modifications in one field have an impact on the other fields. Obtaining a sharp picture of your various information security issues and risks is extremely important but at the same time extraordinarily difficult. Managing this question is a crucial part of our service. At Ordina, we have developed a Secure by Design method that guarantees the delivery of secure solutions that ensure the security and privacy of your organization. Our experts are happy to help you establish your daily risk management based on a well-considered action plan.
Ordina security consultants study the status of your information security management over a few days. Based on the official and de facto industry standards (ISO 27001, NIST Cyber Security Framework, COBIT, SANS Top 20 Controls), we detect the inefficiencies in the security of your data, people, processes, applications and infrastructure. You receive a detailed report of your risks and the possible impact. Based on these insights and our expertise, we provide you with proposals for improvement and a plan of action. In doing so, our security and risk expert takes account of the right balance between security and flexibility, productivity and financial aspects. You know how you have to organize your risks and what you need to work on first.
Application and Infrastructure Healthcheck
The Ordina security expert maps the systems in the digital chain and conducts penetration tests and ethical hacks to determine the vulnerabilities. He/she investigates whether people can use these vulnerabilities to gain access to your systems. You receive a report with a root-cause analysis and specific recommendations to solve weak spots and to secure your organization adequately against hackers. You have a clear picture of your risks and how you can solve or avoid these. You also receive a no-obligation list of proposals for improving your security.
Both the current privacy legislation and the new, stricter GDPR regulation have an impact on how Belgian companies must deal with digital personal data. There are also countless questions:
Have you already identified the personal data of your staff, customers, suppliers? If so, did you follow the correct procedure? / If not, do you know what the correct procedure is? What data is “personal”? Can you show where data has been stored for a particular person?
The “Privacy Audit” maps your risks and any shortcomings. You will receive a proposal for improvement.
Privacy & software development
New software applications, including web and mobile applications and business software, ensure that your organization capitalizes on market opportunities with new products and services. DTAP (Development, Testing, Acceptance and Production) is a method that refers to the various phases required during software development.
The data files used in this process will have to be protected in the context of privacy.
Did you know that software developers and testers must not be permitted to see any privacy-sensitive data?
Your business must take appropriate technical and organizational measures to implement data protection principles in an effective way.
In the General Data Protection Regulation, the concept of “pseudonymized data” is introduced as the preferred solution for the use of personal data outside the production environment.
Pseudonymization is a procedure by which identifiable data is replaced, through a particular algorithm, with encrypted data (the pseudonym). The algorithm can always assign the same pseudonym to a person, so that information about that person can be combined, including from different sources.
Pseudonymization is reversible and as such still concerns personal data that falls under the GDPR. Pseudonymization does decrease the chance of misuse of the data in the event of a data leak, because you have to know how the algorithm works.
(Anonymization is an irreversible process in which personal data is replaced by anonymous data, ed.)
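The property described above, that the same person always receives the same pseudonym so records from different sources can still be combined, is shown in the following added example, which is not Ordina's or COSIC's code. It assumes HMAC-SHA-256 with a secret key as the algorithm (the page does not say which algorithm ODMS uses); the sample rows, the key and all function names are constructed for illustration, and re-identification here is done by the key holder recomputing pseudonyms over the production identifiers.

```python
import hashlib
import hmac

# Constructed demo key; in practice the key is stored outside the non-production environment.
DEMO_KEY = b"constructed-demo-key-not-for-real-use"

# Constructed sample data: two extracts from different sources sharing one identifier.
CRM_ROWS = [
    {"email": "an.peeters@example.com", "city": "Mechelen"},
    {"email": "tom.janssens@example.com", "city": "Gent"},
]
ORDER_ROWS = [
    {"email": "An.Peeters@example.com ", "amount": 120},
    {"email": "tom.janssens@example.com", "amount": 35},
    {"email": "an.peeters@example.com", "amount": 80},
]

def pseudonym(identifier: str, key: bytes) -> str:
    """Deterministic keyed pseudonym: same person and same key give the same token."""
    normalized = identifier.strip().lower()  # case/whitespace must not split one person in two
    digest = hmac.new(key, normalized.encode("utf-8"), hashlib.sha256).hexdigest()
    return "p_" + digest[:24]  # truncated to 96 bits for readability

def pseudonymize(rows, key, field="email"):
    """Return copies of the rows with the identifying field replaced by its pseudonym."""
    return [{**row, field: pseudonym(row[field], key)} for row in rows]

def totals_per_person(crm, orders, field="email"):
    """Join both extracts on the pseudonymized field and sum the order amounts."""
    totals = {row[field]: 0 for row in crm}
    for order in orders:
        totals[order[field]] += order["amount"]  # a KeyError here means integrity was lost
    return totals

def reidentify(token, known_identifiers, key):
    """Key holder only: find which production identifier a pseudonym belongs to."""
    for identifier in known_identifiers:
        if hmac.compare_digest(pseudonym(identifier, key), token):
            return identifier.strip().lower()
    return None
```

Pseudonymizing both extracts with the same key keeps the join intact, while a different key yields tokens that no longer link to the first set.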
Ordina has the right expertise and the solution you need if you want to make your ICT landscape compliant with the regulations regarding non-production systems.
Ordina Data Migratie Straat (ODMS) is a tool created by Ordina for data migrations. ODMS is independent of the source technology so that it can be used on all databases.
Ordina Data Migratie Straat (ODMS) 3.0 is a future-proof solution that is ISO-27001 certified and is offered to various customers as a service. Ordina makes continuous improvements so that compatibility with the latest standards is guaranteed.
Ordina Data Migratie Straat (ODMS) is supplemented with algorithms for (homomorphic) encryption developed by COSIC. As both tools use the same algorithms, referential integrity can be guaranteed. The cryptographic library of the COSIC research group contains encryption, hashing and MAC algorithms, as well as FPE (format-preserving encryption) and randomization tools.
It is important that you take measures in good time to comply with the new rules.
Do you know which personal data you process, on what basis they are processed, where this information is located, who uses it or who has access to it? What protection have you provided or what protection have your suppliers provided (e.g. cloud supplier, accountant, social secretariat, marketing or communication agency, IT suppliers, call centers…)?
What steps must you take in relation to the training of your personnel, improvements to the IT & application environment, clauses in supplier contracts, etc. to be compliant with GDPR?
Why choose Ordina?
Security is in our DNA. Ordina is a secure-by-design company: every member of staff has completed the required security awareness sessions and/or obtained certifications. The Ordina group is also ISO 27001 certified.
You will be assisted by a dedicated security team with in-depth knowledge of international, European and local privacy legislation. You will benefit from the strength of a local ICT partner that communicates clearly and is familiar with the Belgian way of thinking and working. Our many convincing reference customers will show you that this is not our experts' first assignment.
Don’t hesitate to contact us.