ISO 27001-certified organizations experience 62% fewer incidents with material impact. We assess the incident response, identify which controls failed, and design the evidence-based strengthening plan.
The organization suffered a cybersecurity incident (ransomware, data exfiltration, credential compromise, or supply chain attack) and needs to understand which controls failed, what the attack vector was, and how to prevent recurrence. The response team contains the threat but lacks a methodology for structured causal analysis.
Without a rigorous post-incident analysis, the organization remains exposed to repeated attacks through the same vector. Insurers may reject future coverage if improvement is not demonstrated. Financial regulators require evidence of lessons learned. Corporate clients may terminate contracts due to lack of demonstrable incident management.
We execute a post-incident assessment in three phases: (1) forensic analysis of the ISO 27001 controls that failed or were bypassed, (2) attack vector mapping against the Annex A controls matrix, and (3) design of the strengthening plan, with technical, procedural, and training controls prioritized by criticality. If the incident affected operational continuity, we complement this with an ISO 22301 response capability assessment.
Ideally within the first 72 hours after incident containment, while digital evidence is preserved and teams still recall the sequence of events. The containment phase must be completed first; we do not conduct assessments during an active incident.
Yes. We assess compliance with notification obligations to regulators and data subjects per the applicable jurisdiction. We also verify whether the incident creates obligations under sector regulations (BCRA for financial entities in Argentina, CNV resolutions, or equivalent regulations in other LATAM countries).
A pentest simulates attacks to find vulnerabilities before they are exploited. Our post-incident assessment analyzes an event that already occurred: which management controls (ISO 27001) failed, why detection was not timely, and how to improve organizational resilience. It is a causal analysis, not an analysis of isolated technical vulnerabilities.
Assessment within 72 business hours. ISO methodology. No ties to certification bodies.