Question 1

1. What type of organisations does SiSS work with?

Accepted Answer

SiSS works primarily with organisations operating in regulated or high-risk environments, including financial services, fintech, healthcare, mining, logistics, and enterprise technology environments. We support organisations subject to regulatory, contractual, or standards-based security obligations.

Question 2

2. Do you focus on compliance or technical security?

Accepted Answer

Both. Our approach integrates regulatory compliance with practical technical security implementation. We ensure controls are not only compliant on paper, but implemented, tested, and defensible in real operational environments.

Question 3

3. Which standards and regulatory frameworks do you support?

Accepted Answer

We support a range of international and local frameworks, including:
 • ISO/IEC 27001 (Information Security Management Systems)
 • ISO 22301 (Business Continuity Management)
 • ISO/IEC 27701 (Privacy Information Management)
 • POPIA (Protection of Personal Information Act)
 • FSCA / Prudential Authority (Joint Standard on Cybersecurity and Cyber Resilience)
 • NIST Cybersecurity Framework

Question 4

4. Can SiSS help us prepare for audits or regulatory inspections?

Accepted Answer

Yes. We assist organisations in preparing for internal audits, certification audits, and regulatory reviews by assessing control maturity, identifying gaps, and supporting remediation. Our focus is on audit readiness and evidence-based assurance.

Question 5

5. Do you provide implementation support or only assessments?

Accepted Answer

We provide both. Depending on client needs, we deliver:
 • Gap assessments and risk reviews
 • Policy and control framework development
 • Hands-on implementation support
 • Independent assurance and validation
Our services can be advisory, delivery-focused, or a combination of both.

Question 6

6. Do you offer Virtual CISO or ongoing advisory services?

Accepted Answer

Yes. We provide Virtual CISO and retained advisory services for organisations that require ongoing security leadership, regulatory guidance, and strategic oversight without employing a full-time CISO.

Question 7

7. How does SiSS differ from traditional cybersecurity consultancies?

Accepted Answer

SiSS focuses on practical implementation and regulatory defensibility rather than generic assessments or tool-driven engagements. We work closely with leadership and technical teams to ensure controls operate effectively and align with business realities.

Question 8

8. Can you work with our existing IT and security teams?

Accepted Answer

Absolutely. We collaborate with internal IT, security, risk, and compliance teams, as well as external service providers, to strengthen controls without disrupting existing operations.

Question 9

9. How do we get started with SiSS?

Accepted Answer

You can start by contacting us directly for an initial discussion. We typically begin with a short scoping conversation to understand your environment, regulatory requirements, and objectives before proposing an appropriate engagement approach.