Khartoum: +249 (0)123 101702    [email protected]

Home ⤏ ISO 27001

Information Security Certifications

Information security certification and compliance is now a major concern for all organizations and is now on the board agenda alongside cyber security. By achieving ISO 27001 certification or PCI DSS compliance, your business demonstrates that it takes information security seriously.

Broken Cipher provides consultancy, security testing and other services to help organizations achieve ISO 27001 Certification or PCI DSS compliance. We have worked with many organizations across different sectors.

Our team of qualified and experienced ISO 27001 and PCI consultants will work with you to assess how you are currently managing information security. They will identify key risks and areas of non-compliance, provide clear prioritized and pragmatic recommendations.

ISO 27001 and PCI DSS

What is ISO 27001?

ISO/IEC 27001:2013 is the international information security standard that is now accepted as best practice both within the Sudan and worldwide.  The standard provides requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS).  ISO 27001 is also accompanied by ISO 27002 which is used as a reference for selecting security controls with the ISMS.iso-logo

What is PCI DSS?

The Payment Card Industry Data Security Standard or PCI DSS is a set of information security requirements designed to reduce payment card fraud and is applicable to any organization that stores, processes or transmits cardholder data.  PCI DSS is a global standard.  The PCI Security Standards Council has recently released PCI DSS v3.1.


Differences between ISO 27001 and PCI DSS

ISO 27001

  • Is recognised globally
  • Compliance is voluntary for non-regulated organisations
  • An ISO 27001 certification will involve an assessment of the ISMS scope which may be companywide or limited to a certain part of an organisation.
  • ISO 27002 controls are implemented based on the assessed risk to the information asset(s).
  • Additional notes: ISO 27001 is a governance/policy based approach to secure information.
  • Current version: ISO 27001:2013


  • Is recognized globally
  • Compliance is mandatory for organizations that store, process or transmit cardholder data as part of their merchant agreement with their acquiring bank.
  • The scope is limited to the Cardholder Data Environment.
  • PCI requirements are set by the PCI Council and their applicability is based on how an organization stores, processes or transmits payment card data.
  • Additional notes: PCI DSS is a technical security standard and addresses how organizations secure payment card data to combat credit card fraud.
  • Current version: PCI DSS 3.1

Our Services

ISO 27001 services offered:

  • Introductory awareness sessions
  • ISMS scoping
  • Business impact analysis and risk assessment
  • ISO 27001/2 Gap analysis
  • Remediation assistance
  • Options analysis
  • Solution design and implementation support
  • Security policy review/development
  • Security awareness training
  • Technical design review
  • Incident response plan review and development
  • Pre-Certification assessment

PCI DSS services offered:

  • Introductory awareness sessions
  • PCI DSS Programme management and strategy definition
  • Scoping study
  • Gap analysis
  • Remediation assistance
  • Options analysis
  • PCI DSS network design review
  • Business process change
  • Report on Compliance (ROC)
  • SAQ support and validation
  • Training and policy development

To arrange an audit implementation or to discuss your requirements