Information security


Information security

You do not need to make a certification of information security ISO27001 to implement control and mitigation principles to respond to the confidentiality, integrity and availability of your data. ROOX has experience in understanding the particularities of organizations, bridging the gap between the trinomial, security requirement of the company, capacity or investment objective and response to the principles of information security standard, which include the adaptation of processes, service management, digital perimeter solutions, MFA, DLP, among many others.

It takes an organisation an average of 56 days to detect that it has been attacked.
Team trained in ISO27001
ROOX is an ISO27001 certified company

Benefits and features of the Service

Information security is the central concern of all organisations that manage and work with knowledge. In the case of the legal profession, the risks of unavailability of the IT system in general, or piece in particular when you need to meet a court deadline, or the leak of confidential data in the context of a cyber-attack, or even by an insider, cause unforeseeable reputational damage. Cyber-attacks are a question of when and not if they will happen.

Data on reputation

Data leakage

Unavailability of data at critical times

While not aiming for ISO27001 certification, which is complex and expensive, ROOX has an approach to the standard, implementing the control and mitigation mechanisms set out in the middle.

Response to ISO27001

Investment in response to the objectives and financial capacity of the company

ROOX first diagnoses the current situation, which assigns a score calculated according to the existing risks. Afterwards, a proposal is made to improve this score so the company can decide on the risk it wants to take according to its financial investment objectives..

AS-IS Diagnosis

TO-BE Proposal

Medium/long term plan

No matter how many technologies are implemented, the main risk will always be on the people inside the organisation since their behaviour is the leading risk factor. Therefore, the first step is to follow ROOX's recommendations. We have security awareness training, besides access to a group of professionals with experience in implementing an ISO27001 certification process that can help your company to be more secure. Information security is not just about technology; it's about techniques.

ISO27001 implementation

Security awareness actions

Security training

Find out more about

Information security

Please note, your browser is out of date.
For a good browsing experience we recommend using the latest version of Chrome, Firefox, Safari, Opera or Internet Explorer.