In a rapidly changing and digitally driven business world, technology is playing an ever-greater role in streamlining operations, delivering operational resilience, and unlocking value, both in human and organisational potential. However, this growing reliance on technology also introduces new vulnerabilities. Cyberattacks are becoming more sophisticated, and data breaches can have devastating consequences for a company's reputation and financial stability. That's where RSM comes in as your trusted advisor.
Information security has become a key element of corporate governance, risk management, and regulatory compliance. For organizations operating in regulated and digital environments, effective security depends on well-governed processes, clear visibility over IT systems, and continuous risk management.
RSM Uzbekistan supports organizations through security assessments, compliance reviews, and implementation support aligned with international standards and regulatory requirements. Our services help organizations strengthen cybersecurity controls, proactively address risks, improve security awareness, and maintain sustainable compliance through practical and structured approaches.
ISMS Development and Implementation is a structured engagement for organizations that have decided to formally establish or enhance an Information Security Management System, typically with the objective of ISO/IEC 27001 certification or regulatory alignment.
This service involves defining scope, conducting formal risk assessments, establishing governance and accountability, developing policies and procedures, implementing controls, and integrating information security into operational processes. The emphasis is on building a complete, auditable management system that is effective in practice and sustainable over time.
Unlike a maturity assessment, this engagement assumes executive sponsorship, organizational commitment, and resource allocation. The outcome is a functioning ISMS that can be independently audited and relied upon to protect information assets and support business continuity.
For organizations that store, process, or transmit payment card data, PCI DSS compliance is a mandatory requirement enforced by payment schemes, regulators, and acquiring banks.
RSM Uzbekistan is an accredited PCI DSS assessment provider, authorized to conduct formal PCI DSS assessments and issue official validation outputs in accordance with PCI Security Standards Council requirements.
We perform independent PCI DSS assessments for banks, payment service providers, fintech companies, merchants, and service providers, covering both initial compliance and ongoing validation obligations. Our role is to objectively assess compliance against PCI DSS requirements and produce the appropriate attestation and reporting artifacts required by stakeholders.
Our services include formal PCI DSS assessments resulting in Reports on Compliance (ROC) or Self-Assessment Questionnaire (SAQ) validation, depending on merchant or service provider classification. Where gaps are identified, we provide clear, risk-based observations aligned strictly with assessment standards, while maintaining assessor independence.
We provide independent ISO/IEC 27001 internal and readiness audit services to support organizations in validating the effectiveness of their ISMS. These audits are designed to assess conformity, identify nonconformities and systemic risks, and support continuous improvement.
Our audit approach emphasizes objectivity, clarity, and practical recommendations, helping organizations reduce certification risk and strengthen long-term compliance sustainability.
An Information Security Maturity Assessment is designed to help management understand the current state of information security within the organization. It is an independent, diagnostic engagement that evaluates how information security is governed, implemented, and embedded in practice, without assuming or requiring immediate certification objectives.
This assessment focuses on management oversight, risk awareness, control consistency, and organizational readiness. It provides leadership with clarity on strengths, weaknesses, and priority areas, enabling informed decisions about future investment, remediation, or formal compliance initiatives.
The outcome is strategic insight. Management gains a structured understanding of where the organization stands today and what options exist for strengthening security in a proportionate and business-aligned manner.
For financial institutions connected to the SWIFT network, compliance with the SWIFT Customer Security Programme (CSP) is a mandatory requirement designed to strengthen the security of the global financial messaging ecosystem. Annual independent assessments help confirm the proper implementation of SWIFT Customer Security Controls Framework (CSCF) requirements.
Our services include independent CSP assessments for banks and financial institutions, validation of SWIFT CSCF control implementation, and preparation of required assessment reports. Where gaps are identified, we provide clear, risk-based observations while maintaining assessor independence and professional objectivity.
By partnering with RSM, you gain the peace of mind that your technology infrastructure is secure and serves as a springboard for growth, not a source of vulnerability. Our commitment to understanding your unique business needs ensures that our IT audit and cybersecurity risk advisory services deliver game-changing solutions to complex challenges, allowing you to focus on what matters most - achieving your ambitious goals.