Zazoon is an online tool that automates Governance, Risk and Compliance processes, reduces costs and streamlines business operations. We assist companies with organising and structuring their processes, protecting and enhancing their business value, powering them with risk-informed decisions, helping them stay on top of compliance and regulatory risks.
Zazoon was founded in Zurich by cybersecurity and GRC specialists with 20+ experience in the industry that developed an intuitive solution that helps organisations reduce risks and improve security posture and compliance. We are committed to innovation, excellence and enhancing the way businesses manage and remediate their risks. Our belief and commitment have resulted in the solution that manages the complexity of GRC and data protection across your enterprise.
Zazoon understands that effective cybersecurity, at its heart, is not just about technology, it is more about people. That is why our approach lies in GRC as a basis of cybersecurity: in order to protect and safeguard your business, it is important to implement policies and governance procedures, improve employee awareness, identify, remediate and monitor risks, take a holistic perspective on relationships with third parties.
The Zazoon strategy is built on cross-departmental transparent and actionable interaction. We’ve put together a platform that embraces IT, compliance, HR and governance. This approach allows us to address challenges that arise in different parts of the organisation, detect risks and identify vulnerability points that may arise in business functions and build a strong organisational risk management programme.
Suggestion of policies relevant to your business based on your industry, location, organisational assets and their location
Policies pre-written by cybersecurity specialists that can be edited through our policy builder
Sending approved policies to all relevant parties and tracking if policies were opened and signed
Building a library of policies relevant to your business
Policies are mapped to the international standards controls
Security standards as technical documents designed for security practitioners
Developed primarily from ISO2700X but revised to be topic-focused with task-based checklists to help validate the quality of security controls
Foundation standards cover the basic rules for Information Security, including company's security roles, security framework itself, risk management and controls
Infrastructure standards apply controls to the lower half of the technology stack, such as physical environment, networks, including internet services and mobile devices
List standards that extend the security controls to the higher elements in the technology stack, including software, access controls and how to protect business data both at rest and on the move
Security event management includes standards focused on logging and monitoring, technical vulnerabilities and management of security incidents
Suggestion of assessments relevant to your business based on your industry, location and selected international standards
Compare existing administrative, physical, and technical controls of your business with the standards depicted in an established framework
Conduct assessments to identify any unknown risks, establish a baseline or prepare to an audit of a specific standard
After completing an assessment, you will have an understanding of what aspects of the framework are working well and what aspects require your attention
Go through an assessment and identify your risks
Accept and assign a specialist to monitor a risk or remediate it
Observe all the risks on the risk heat map sorted by the business impact and occurrence probability
Sort the risks according to their criticality, organise your workspace, utilise an interactive graph and create customisable reports
Identify your company's crown jewels, assign the data subject and data criticality, identify people who have access to such data and take required measures for its protection
Undergo a data protection assessment suggested to you based on your customers' location
Keep up with compliance requirements in the field of GDPR and FADP
Create a data protection programme in your organisation and keep control of the number of people who have access to classified data
Organise your vendors by the type, related project, assign the person in charge and the approving manager
Utilise the contract builder, prewritten by legal professionals, and send the final contracts for signature to the respective parties or simply upload a signed contract
Upload vendor certifications and keep track of their expiration by getting notifications
Run vendor assessments in order to evaluate the risk exposure of the cooperation with specific vendors
Create and customise reports at any section of the platform, depending on your goals
Upload your company's template with the logo to make reports more personalised
Utilise interactive dashboards for more transparent management and workload
List your assets and their location and get personalised policies to protect them
Select your industry and location and select applicable laws and standards
Identify what data protection laws your business should adhere to based on the your customer location
The meeting represented a watershed moment for the prominence of cybersecurity on the global agenda. Not only will it ensure that cybersecurity remains a recurring agenda point in future bilateral discussions between these two nations, but it will also be a prompt for other nations to reflect upon their cybersecurity posture, given that cyber threats transcend national borders.
Small and medium enterprises (SMEs) constitute 99% of businesses in the EU and face diverse cybersecurity challenges including low management awareness and commitment. In a time of heightened threats and remote work, a low-security budget and lack of cyber skills can seriously impact SMEs' competitiveness. By strengthening resilience across the whole value chain, the EU can take full advantage of digital transformation and the benefits of a digital single market.
New survey finds that the attack also motivated more information sharing within the industry and improved supply chain security. The good news is that security teams are beefing up network defenses, but the bad news is that most companies have recently suffered a cybersecurity incident that required a board meeting. That's the analysis from the 2021 Cybersecurity Impact Report from IronNet.