IsecT’s professional services
All our services are custom-designed to suit client requirements. The following examples illustrate the kinds of activities we have performed previously, and we’re always keen to take on new challenges:
- Arbitration - independent, unbiased expert assistance to review, understand, challenge and respond appropriately to IT audit reports, nonconformities, supplier assessments etc. (this is NOT legal advice!).
- Audit and assurance such as: security strategy reviews; data centre & site/installation audits; software development projects audits; cloud supplier assessments/audits; ISO27001 pre-certification audits (readiness checks, gap analyses) ...
- Change - being a credible, independent, convincing agent of change, helping clients create and exploit business opportunities to change-for-the-better, developing pragmatic strategies and plans, promoting and guiding execution, measuring success.
- CISO coaching and mentoring - a knowledgeable, trusted friend lending you an ear and offering expert guidance based on decades of experience.
- Information risk and security management - strategy, policy and governance; identifying, evaluating and addressing information risks; benchmarking; assurance; business continuity management and resilience.
- Information risk assessment - assistance to identify, evaluate, prioritise and decide how to address information risks.
- Information security controls assessment - tell us which standards, requirements or guidance you’d like to be reviewed or audited against - Cyber Essentials, perhaps, or ISO/IEC 27701, PCI DSS, HIPAA or CSA or your own internal standards?
- IT installation review - check your physical security arrangements, essential supplies, data centre access and so forth.
- Interim management - holding the reins, stabilising the situation and assisting with the recruitment and settling-in of a replacement CISO or ISM.
- ISO27k consulting - achieve and maintain ISO/IEC 27001 certification with our expert guidance, from initial planning through implementation support, ISMS management reviews and internal audits, leading to continuous improvement and maturity.
- ISO27k support tools - help to determine your requirements, then survey the market, evaluate, select and negotiate prices for the most appropriate tools/systems* for your organisation.
- Policies and procedures - preparing pragmatic policies and procedures plus creative awareness and training content for staff, managers and professionals.
- Post-incident reviews - dispassionately, competently and independently drawing out and evaluating relevant details, developing and elaborating on responses, providing forward-thinking management reports and initiating improvement activities.
- Privacy impact assessments - need some help to review your privacy requirements and controls, dispassionately? Call us!
- Resilience engineering - establishing requirements, reviewing current capabilities, planning improvements and demonstrating genuine progress in areas such as resilient technology, people and infrastructure, plus the broader business and strategy aspects.
- Security maturity - benchmarking i.e. reviewing an organisation’s information risk and security situation relative to good practices in the field, recommending and justifying improvements where appropriate.
- Security metrics - designing and implementing a suite of metrics to manage information risk and security systematically, effectively and efficiently; auditing, reviewing, evaluating and improving existing metrics.
- Technical documentation - preparation or updating of readable documentation describing IT systems, services, software, processes etc., plus training materials, launch packs, technical support guides and more.
* We don’t supply ISO27k support tools/systems ourselves (aside from our own document templates), and we have no commercial or sales/commission relationships with commercial tool suppliers. Call on us for competent, independent guidance and truly dispassionate advice.
Copyright © IsecT Ltd. 2023
Information risk and