• picture
  • picture
  • picture

BS ISO/IEC ISO 27001:2010 can be adopted by any organisation wishing to implement a formal procedure to reduce the risks associated with information security.

  • Security Penetration Testing & Vulnerability Scans: for applications, systems, networks and infrastructure as well as internet facing systems. Firewall reviews and recommendations on improving security posture.
  • Security/Technical architecture & design review: review build & deployment of systems into specific  environments, assessing against relevant CESG standards /guidelines.
  • Definition of developing strategy and budgets for specialised security initiatives.
  • Specialist security consultancy to protect against breaches in availability, confidentiality and integrity and facilitate security investigations.
  • Third Party Security reviews and audits on outsourced partners review of existing questionnaire sets.
  • Management System Implementation including gap analysis with the following management systems

e.g. Information Security Management System (ISO 27001), Business Continuity Management (BS 25999), IT Service Management (ISO 20000), Environment Management System (ISO 14001), Occupational Health and Safety Management System BS OHSAS 18001, Quality Management System ISO 9001.

  • Recommendation and implementation of security solutions associated with database security, web application firewalls, Intrusion detection systems and security monitoring solutions.
  • Risk management: assessment of risks & regulatory requirements (inc PCI-DSS, SOX, etc.) surrounding IT, information security & corporate governance, including implications of noncompliance.
  • Security Analyst work involving with reviewing security, capturing requirements for projects andrecommending controls.
  • Performing business impact assessments and formulating strategy in respect to disaster recovery and business continuity.
  • Document skills associated with internal security services when they are not readily available in-house.
  • Setting up security awareness campaigns and providing high level and low technical level security training.
  • Project/Programme Management and administration support services as well as business analysis and requirements gathering.
  • Provision of CESG CLAS approved Consultants for projects as well as provision/recruitment of security/general consultants for specific medium terms (6+ months) term  engagements.
  • Security Audits, access reviews & risk assessments based on 27001 best practices and client policies against 3rd parties, internal systems and systems in development.

The benefits of ISO 27001

Protecting information - your most valuable asset.

In common with other management systems’ standards, it is based on the ‘Plan-Do-Check-Act’ model that seeks to improve continually the effectiveness of the organization through proficient planning, implementation, supervision, review and maintenance.