Feb 2022 | Hong Kong, Macau & China
ISO/IEC 27002:2022 Information Security, cybersecurity and privacy protection – Information security controls
A new version of ISO/IEC 27002, known as the guidelines to the ISO/IEC 27001 requirements for information security management systems, is released today to replace the current 2013 version. The new version will provide reference to security controls on Information Security, Cybersecurity, and Privacy Protection. The new version of ISO/IEC 27001 is expected to align with the structure of controls in ISO/IEC 27002:2022.
The number of controls has changed from 114 in ISO/IEC 27002:2013 to 93 in ISO/IEC 27002:2022. The controls are grouped into 4 categories in the new version instead of 14 clauses in the current version. The categories are:
1. Organizational controls
2. People controls
3. Physical controls
4. Technological controls
Feb 2022 | Hong Kong, Macau & China
ISO/IEC 27001:2013/DAM 1:2022(E), the draft version of ISO/IEC 27001:2022 has been released for comment and approval. The draft outlines the proposed structure of the possible information security controls.
Voting will be due on 26 April 2022. Afterwards, the ISO committee will go through amendment, approval, and formal publication stages.
The number of controls will change to 93 from the 114 controls of ISO/IEC 27002:2013. The controls are to be grouped into 4 categories in the new version instead of 14 clauses in the current version. The categories are:
1. Organizational controls
2. People controls
3. Physical controls
4. Technological controls
Jan 2022 | Hong Kong
Standing Offer Agreement for Quality Professional Services 5 (SOA-QPS5) -- The Standing Offer Agreement for Quality Professional Services 5 (SOA-QPS5) enlarges the Government's delivery capacity for IT services and accelerates the delivery of IT solutions to support the increasing demand of digital government services. The contract period of SOA-QPS5 is from 31 January 2022 to 30 January 2026 covering three Categories of services:
Category A: Pre-implementation, programme/project management services, ongoing services, implementation and combined system development services;
Category B: Information security, privacy assessment and independent testing services; and
Category C: Deployment and maintenance of common services.
Jan 2022 | Hong Kong, Macau & China
Thank you for trusting and working with us. You made a good decision to adopt our professional skills and talents. We are looking forward to working with you all in the coming New Year!
Thank you for all the opportunities!
Happy Lunar New Year!
Kung Hei Fat Choy!
Jan 2022 | Hong Kong, Macau & China
Information security researchers discovered a critical security vulnerability in the logging library log4j in December 2021.
The log4j vulnerability not only threatens an organization’s own servers; it may also exist in any third party or digital vendor used by a website or online service. Your security measures are only as strong as the weakest link in your supply chain. The only important thing to do to mitigate this vulnerability is to map your website’s digital components into an asset inventory.
We are looking forward to providing a vulnerability assessment that enables you to detect vulnerabilities in either your local scripts or your digital vendors in real time, so that you can remediate your digital supply chain vulnerabilities before the damage is done.
Sep 2021 | Hong Kong
Corporate and Security Solution Limited and its wholly owned subsidiary, CASSolution Macao Limited, have been awarded the ISO/IEC 27001:2013 certificate, a globally recognised international standard for Information Security Management Systems (ISMS), for our consultancy, assessment and training services. This represents our commitment to delivering the highest level of services across the world.
ISO/IEC 27001:2013 is the international standard that helps organizations manage the security of information, confirming their ability to avoid, mitigate and transfer risk, and to safeguard information. Compliance with it is becoming increasingly important as regulatory requirements such as GDPR and the Cybersecurity Law move to the forefront of enterprise security. With data breaches on the rise, protecting information has never been more paramount.
Safeguarding information security has become a top priority and a critical task for any business, IT or non-IT, since data is driving the world and its economies. We are looking forward to continuing to provide our professional services to exceed customers’ expectations with the highest standard of information security.
8/9/2021 | Hong Kong
We are pleased to announce that CASSolution is honoured as a Good MPF Employer in the year 2021.
23/6/2021 | China
The Data Security Law of the People’s Republic of China was passed on 10 June 2021 and will become effective on 1 September 2021. This law will govern not only data activities conducted in China, but also data activities conducted outside of China by any individuals or organizations that harm the national security or the interests of citizens and organizations in China. A national-level data categorization and classification system will be established according to this law to implement different levels of data protection. This law will also impose data security protection obligations and govern cross-border data transfer, agent services for data transactions and licensable data processing services.
13/5/2021 | Hong Kong
As you may know, ISO 9001:2015 was issued in 2015 by the International Organization for Standardization (ISO). Every few years, the organization reviews whether the standard needs to be updated, and it has just finished reviewing the need to update this standard.
The members of the ISO Technical Committee 176, Sub-Committee 2 (TC176/SC2) have taken the decision not to proceed with an update of ISO 9001:2015.
This may mean that, following a further systematic review starting in 5 years, plus time for the review and with 3 years of development time, a new edition of ISO 9001 may not be published until 2030.
28/1/2021 | Hong Kong
On 28 Jan 2021, a new format of ISO/IEC DIS 27002 (Information security, cybersecurity and privacy protection - Information security controls) was released; it has been technically revised. This third edition mainly focuses on, and is suited to, the emerging and market trends in information technology for cybersecurity and privacy protection.
ISO/IEC 27002 recommends information security controls addressing information security control objectives arising from risks to the confidentiality, integrity and availability of information.
➤ The phrase "Code of Practice" has been dropped from the title of this document to better reflect its purpose of being a reference set of information security controls.
➤ The structure of the document has been updated and amended to avoid overlaps and duplications, presenting the controls using a simple taxonomy and associated attributes.
➤ Some controls have been merged, some deleted and several new controls have been introduced.
22/5/2020 | Macau
CASSOLUTION Macao Limited officially became a supplier in the supplier database of the Financial Services Bureau of the Government of the Macao Special Administrative Region on May 11, 2020. The supplier classification is 015-003 ISO Consultant (website: http://www.dsf.gov.mo/supplierDB/).
18/5/2020 | Hong Kong
Under the second round of the Anti-epidemic Fund, the Government has launched the Distance Business (D-Biz) Programme to support enterprises to continue their business and services during the epidemic. The Programme provides funding support through fast-track processing for enterprises to adopt IT solutions for developing distance business.
For each IT solution and service, and the relevant training expenses for employees, the funding ceiling per application is HK$100,000. Each enterprise may receive total funding of up to HK$300,000 to undertake projects to be completed within six months.
Corporate and Security Solution Limited, being one of the “Suppliers for Quality Professional Services 4 (SOA QPS4)” of the OGCIO of HKSARG and on the IT Service Provider Reference List under this D-Biz Programme, offers a one-stop solution for IT security consulting and assessment. Please feel free to contact us at email@example.com.
14/5/2020 | Mainland China
Effective June 1, 2020, the Measures for the Security Review is an implementation of article 59 of the national security act and article 35 of the network security act, which regulates the security review mechanism for procurement of network products and services by critical information infrastructure operators ("CII operators"). The objective is to identify and prevent the procurement of network products and services from causing risks and hazards to the operation of CII through network security review, so as to ensure the security of the CII supply chain and safeguard national security.
10/3/2020 | Hong Kong and Macau
What is ISO 13485 standard?
ISO 13485 (Medical devices - Quality management systems - Requirements for regulatory purposes) is an internationally recognized standard that addresses the development, implementation and maintenance of a quality management system in the medical device industry. It specifies requirements for a quality management system where an organisation needs to demonstrate its ability to provide medical devices, and related services in the life cycle of medical devices, that consistently meet customer requirements and applicable regulatory requirements. The relevant life cycle can include design, production, installation, servicing and sales of medical devices.
1/1/2020 | Mainland China
On October 26, 2019, approved by the 14th meeting of the Standing Committee of the 13th National People's Congress, the first comprehensive law in the field of password management, the "Cryptography Law of the People's Republic of China", was finally adopted, and it became effective on January 1, 2020. Passwords are divided into core passwords, ordinary passwords and commercial passwords. Core passwords and ordinary passwords shall be used to protect state secret information. Core passwords shall be used to protect information of up to secret level and ordinary passwords shall be used to protect information of up to confidential level. Commercial passwords shall be used to protect ordinary commercial information rather than state secrets.
6/11/2019 | Mainland China
The Cybersecurity Multi-level Protection Scheme (“MLPS 2.0”) is set to come into effect on December 1, 2019 in Mainland China. This scheme consists of three new national standards, namely (1) the GB/T 22239-2019 Basic Requirements for the Multi-level Protection of Information Security Technology, (2) the GB/T 25070-2019 Information Security Technology Cybersecurity Multi-level Protection Security Design Technical Requirements, and (3) the GB/T 28448-2019 Information Security Technology Cybersecurity Multi-level Protection Assessment Requirements, together with the drafted New Regulation and other regulations and national standards that will be released.
1/8/2019 | Macau
The Cybersecurity Law No.13/2019 was published on 24 June 2019 and will come into force on 22 December 2019 in the Macau Special Administrative Region. The Cybersecurity Law applies to public and private critical information infrastructure (‘CII’) operators, including domestic or foreign companies qualified to run a business in areas such as banking, finance, insurance, gambling, telecommunication, or healthcare, among other things. The Cybersecurity Law requires private CII operators to establish internal cybersecurity management units, to carry out routine self-assessments and to submit an annual report to the relevant supervisory authority.
22/3/2019 | Hong Kong
Building a Sustainable Smart City via Big Data Analytics and Internet of Things (IoT). By using the Internet of Things and Big Data to innovate and deploy smart services that create smart living, we can create a smarter city. The concept of Smart City is able to use and analyze big data for patterns, behavior and potential crisis that make life better and easier. As Hong Kong is moving towards a Smart City vision, itSMF can play a vital role to provide the enablers with the right IT strategies and tactics, the best practices, talent development, innovation and solutions to streamline IT service delivery processes during the transformation.
11/3/2019 | Hong Kong
On 25th May 2018, the General Data Protection Regulation (GDPR) will replace the existing European Data Protection Directive.
CASSolution provides consultancy services specifically on cyber security, data protection, and management services.
Training is a way to unleash people’s potential. We provide various technology and management trainings.
CASSolution provides assessment services based on international, national standards or customized requirements.
Cyber Security and Data Protection
Risk Management, Business Continuity & Disaster Recovery
ISO Management Systems
Penetration Test / Vulnerability Assessment / Privacy Impact Assessment
“We would highly recommend CASSolution which provides the professional services of consultancy, assessment and training of ISO/IEC 27001.”
“CASS has committed with the professionalism in ISO management consultancy service and helped us achieve certification in a certain timeframe.”
“CASSolution worked without interruption with our staff, advising us on cost-effective best practices and leading us to success.”
“We have been working together for the last eight years and I have nothing but praise for your work as a consultant on information security and data protection.”
“...we have no hesitation in recommendation of CASSolution to other companies looking to achieve a dedicated level of consultancy within this cyber and IoT environment.”
“CASSolution contributed significantly to our overall success of the information security and data protection implementation, BCP implementation and Penetration test programs since 2009.”
“CASSolution assisted us, in spite of our daily business challenges, to implement a program which is customized to our needs, easy to maintain and has demonstrated effectiveness in continual improvement of our processes.”
Our Core Values
We value sustainable approach
We believe in knowledge and people’s unlimited potential
We value mutual respect
We are devoted to the job and life's rewards
Corporate and Security Solution Limited, or CASSolution for short, is a Hong Kong based IT security consulting firm founded in 2006, and a subsidiary was formed in Macao in 2020. Our mission is to help our customers to create sustainable growth, achieve business excellence and add value through the provision of our excellent and professional services.
- All consultants completed internationally recognized ISO 9001 QMS Lead Auditor training. (2021)
- All consultants were certified in APMG ISO/IEC 20000 ITSMS Auditor. (2021)
- All consultants completed internationally recognized ISO/IEC 27001 ISMS Lead Auditor training. (2021)
- CASSolution and subsidiary certified with ISO/IEC 27001:2013 (2021)
- CASSolution subsidiary certified with ISO 9001:2015 (2020)
- CASSolution subsidiary became the supplier under Macau SAR - Financial Services Bureau supplier database (2020)
- CASSolution subsidiary in Macao was established. (2020)
- Became HKSAR OGCIO Standing Offer Agreement for Quality Professional Services 4 (SOA-QPS4) Sub-contractor (2018)
- Became Accredited Consulting Organization of EuroCloud (2015)
- Became Accredited Training Organization of EuroCloud (2015)
- Certified with ISO 9001:2008 (2009)
- Became interested supplier under HKSAR OGCIO (2009)
- Became Certified Business Continuity Professional Training Provider of DRII (2009)
- Became one of the global partners of Minitab. (2008)
- CASSolution was established. (2006)
A devoted and competent team is our most valuable asset; our consultants have over fifteen years of professional experience and have received a variety of professional qualifications