We improve your firm’s Information Security Management Systems, to protect and enhance your reputation, help you win more business, control costs and reduce your risks.
- Does your company hold or handle information that your customers, employees or you, as directors or owners, consider to be confidential?
If the answer is YES, then you should talk to us about how an Information Security Management System (ISMS) can demonstrate you keep it secure.
- Do you have Professional Indemnity Insurance?
Have you checked the terms and conditions recently? You may find that your insurer expects you to have an Information Security Management System. If so, we can help.
- Are you ISO 27001 Certified?
If NOT, then are you aware of the additional risks you may be running? Risks that may make it more difficult for you to prevent and detect information loss or theft, and more difficult, time-consuming and expensive to correct.
In the wrong hands, information about your clients, their data, your employees’ personal files and even emails between fellow directors could be highly damaging.
Protect Your Reputation
Every organisation relies on information and that means, like all other vital business assets, it needs suitable protection. Protection that matches your appetite for risk and deals with the threats you anticipate having to address.
Demonstrate You Can Be Trusted
ISO 27001, or to give it its full title, ISO/IEC 27001:2013, is THE standard for Information Security Management Systems. An organisation that holds the ISO 27001 certification demonstrates that it takes a systematic, risk-based approach to ensuring the Availability, Confidentiality and Integrity of its corporate information.
It shows you can be trusted to keep data secure and it demonstrates you comply with legislation in areas such as data protection and software copyright. It also helps you to control and often reduce operating costs, by putting in place consistent organisation-wide management systems and controls.
What You Need to Do
Talk to us! We know about ISO 27001 Information Security Management Systems and understand how to implement them with a business-first approach. Unlike IT and technical specialists, we start with your organisation, we talk your language and we’ll ensure your Information Security Management System works for your business, as well as for your IT.
So it does the job you need it to do.
It may never have happened to you or your business and that is the way you want to keep it!
Dealing with the after-effects of an information security breach is traumatic, time-consuming and costly.
We are all aware of how risky the world is and how vulnerable our organisational performance and reputation are when information confidentiality, availability and integrity are adversely affected.
That’s why we all need to take a risk-based approach to our Information Security Management Systems. And that’s where we can help you by:
- Developing your risk management strategy
- Undertaking risk assessments
- Implementing Information Security Management Systems to meet the ISO 27001:2013 standard from a Certified ISMS Lead Implementer (CIS LI)
Software and Services Organisation
Customer requirements led this leading software and services provider to decide it needed to achieve Certification for its whole organisation, covering Information Security, Business Continuity and Service Management (ISO 27001, ISO 22301 and ISO 20000 respectively). We helped them achieve it… in four months.
For the past 10 years we’ve worked with this provider of data and intellectual property to help it market its products and services effectively.
Throughout this time, we’ve developed its ability to assess, measure and manage the information security risks associated with the commercial exploitation of its data assets, through its differing commercial and business models.
We’ve also worked closely with the Board of Directors to help them understand the overall business risks and develop strategies to mitigate, tolerate, accept and transfer those risks.
Faced with a crisis, due to an incident in which an insider compromised the information security of this professional association, we worked with the leadership team to resolve the situation and return the operations to normal. This involved us in helping them regain access to their systems (email, website and other cloud-based services) and ensuring that the threat was neutralised.
We then worked with the team to review their risks and put in place a revised and improved Information Security Management System to help reduce the risks of any repeat.
We are currently working on a project within a consultancy to assess its needs regarding ISO 27001 certification. This includes facilitating a workshop with the directors to explore their view of risk and their risk appetite. The project includes recommendations to manage the risks to acceptable levels. The next step is to help them decide if they will proceed to a full ISO 27001 certification project.