About Us - Information Security Consultants | ISMS Matters

About Us

About ISMS Matters

Who, Why, What, Where and How…

This website provides an overview of the types of information assurance services that we offer at ISMS Matters.


Our services are all about security from a framework or governance perspective. The most popular standard that relates to this type of service is ISO/IEC 27001 supported by the family of ISO standards. It is internationally recognised and has over 20,000 certifications worldwide.


However, we are not limited to ISO 27001 alone, as we also have plenty of experience in other frameworks such as the ISF SOGP, GMITS, HMG, COBIT, SPF, SOX and Mission Assurance Category (MAC).

Who are we?

Our consultants tend to come from a corporate background under various roles such as solution architects, professional services consultants or security testers.


This means, however, that we do understand technical security and technical issues, which helps us to qualify initial engagement scopes.

So how do we work?

Generally, we do not offer ‘packaged services’, as in reality nearly all information assurance engagements are bespoke and tailored to the individual client’s needs. We do have a ‘portfolio’ of popular standard service offerings that can be used as a starting point for shaping engagements.

In reality, the majority of our engagements incorporate elements of all of our services.

For really effective engagements, this should involve both governance and technical assurance combined. This allows us to provide a realistic perspective of security within the enterprise. In our experience this is something that tends to be overlooked by most security providers.


Our assurance services tend to be interview or workshop-based (or at least start from that basis). Occasionally we do get to inspect technical configurations, but in the main we deal with policy, process, standards and procedures.


Even if the initial engagement is only a short, high-level review, it can quite often help justify a business case for additional services (technical, information assurance or a combination of the two).

Our Certifications

We are all certified in the area of information security, which nowadays tends to be the general security certification.


Whereas the technical side of security testing will focus on certifications such as CREST, CHECK and those offered by technical vendors (e.g. Cisco), our certifications are more governance or standards-related. Within the team we have:


  • CISSP: Certified Information Systems Security Professional (ISC2);
  • CISM: Certified Information Security Manager (ISACA);
  • CRISC: Certified in Risk and Information Systems Control (ISACA);
  • PRINCE2 Practitioner: project management-related;
  • ISO/IEC 27001 Lead Auditor: ISO audit competencies (BSI);
  • ISO/IEC 27001 Lead Implementer: ISO implementation competencies (BSI);
  • PCI DSS PCIP/ex-QSA: we are cross-skilled and work in the PCI DSS practice area.

Please contact us now for a free quote on your upcoming requirements or project…