For the most effective engagements, we often advise on governance and technical assurance together. Combining the two gives a realistic picture of security within the enterprise; in our experience, most security providers overlook this combination.
Our assurance services tend to be interview- or workshop-based, or at least start from that basis. Occasionally we get to inspect technical configurations, but in the main we deal with policy, process, standards and procedures.
Even where the initial engagement is only a short, high-level review, it can often help justify a business case for additional services, whether technical, information assurance or a combination of the two.
Our services tend to have either an ‘assessment’ or an ‘audit’ focus. A summary list of services is as follows:
Information Governance Review; also known as a ‘Health Check’, this is a high-level review of policy, process, procedure or a product/service within a group, company, department, service, outsourced third party, data centre, etc.
Security Policy Review and Development; help with authoring policy and standards, including all aspects of risk management. Ideally, policy should reflect business requirements, be easily understood, and be succinct and enforceable.
ISO/IEC 27001 Implementation and Rollout; guidance and help on all aspects of ISO/IEC 27001 design, scoping, planning and implementation, either as a security strategy in its own right or through to certification by a UKAS-accredited certification body.
Compliance and Audit; against PCI DSS, ISO/IEC 27001 or any other security or compliance framework you use, including independent internal audit of your ISMS.
Mentoring; for organisations that need help implementing a sound security framework, want us to attend security forum meetings, or need assistance in developing a security manager function.
ISMS Refresh; bringing your ISMS up to date in readiness for the next surveillance visit, enhancing and expanding its scope, or simply giving it a new lease of life so that it works for your business.
Business Impact Analysis; for high-level business assessments we have developed a full Business Impact Analysis (BIA) methodology in which critical assets are identified in preparation for threat modelling and incident response development.
Business Continuity; ISMS Matters can assist you in implementing and maintaining an ISO 22301 Business Continuity Management System (BCMS). ISO 22301 specifies the requirements for a management system covering an organisation’s business continuity arrangements.
ISMS Matters offers a FREE two-hour ISO 27001 consultancy assessment of your site, together with free training advice for companies. This includes producing a quote outlining the true cost of implementation for your business.
Please contact us now for a free quote on your upcoming requirements or project…