Information security and data privacy advisory services 

ELCA’s security and privacy advisory services are delivered by consultants with extensive knowledge of the most popular standards requirements, current regulations, the latest hacking techniques and related countermeasures, and the most efficient security solutions available on the market.

Yet, this theoretical expertise is a prerequisite, not an end in itself. The added-value provided by ELCA lies in the constant will to adapt the approach to the specific context faced by customers while respecting the fundamental principles that form the pillars of any security strategy.

Cyber risk management - Companies do not have infinite resources to deal with information security issues, hence the need to consider these from a risk perspective. However, few organizations have a risk management framework in place that is formalized, efficient and fully integrated into business processes. This leads to a lack of visibility on:

• The actual exposure to threats.
• The true security level.
• The relevance of security investments.
• The improvement opportunities.

ELCA assists you to better integrate the risk dimension into your overall security strategy through a range of services such as ISO27001 gap analyses, global or targeted risk assessments, implementation of governance models or comprehensive Information Security Management Systems (ISMS).

Data Privacy services - Data privacy regulations have become more stringent (e.g., FINMA 2008/21 Annex 3, GDPR, revision of the Swiss Data Protection Act). ELCA has developed a privacy framework to help achieve your compliance objectives in a structured and pragmatic way, starting with a gap analysis and followed by a roadmap tailored to your context and available resources.

CSO/DPO as a service - Hire our security and privacy expertise on a "pay-per-use" basis, to lead or accompany security or privacy-related initiatives: perform a risk assessment in a project, draft a RFP and assist in the selection process, amend your standard contractual clauses to integrate the latest regulatory requirements, provide ad hoc advice on a specific topic, etc. With this collaboration mode you avoid the learning path and you benefit from top-level expertise.

Security coaching - This is particularly suitable for companies that are trying to position,  or improve the positioning of the security function within their organization. A senior expert with an external eye helps you identify and overcome potential blockages, define your priority actions, the security governance that fits your needs, accompany your organization to set up efficient processes and ensure the necessary fundamental security principles are respected.