IsecT’s professional services include:
- Information risk assessment - assistance to identify, evaluate, prioritise and decide how to address information risks.
- Information risk and security management - strategy, policy and governance; identifying, evaluating and addressing information risks; benchmarking; assurance; business continuity management and resilience.
- ISO27k consulting - adapt and adopt the good practices from ISO/IEC 27001; implementation projects; gap analyses; certification support; competent, independent advice and guidance.
- ISO27k support tools - help to determine your requirements, then survey the market, evaluate, select and negotiate prices for the most appropriate tools* for your organisation.
- Security policies - preparing pragmatic policies and procedures plus creative awareness content for staff, managers and professionals.
- Technical documentation - preparation or updating of readable documentation describing IT systems, services, software, processes etc., plus training materials, launch packs, technical support guides and more.
- Post-incident reviews - dispassionately drawing out and evaluating relevant details, developing and elaborating on responses, initiating improvement activities.
- Security metrics - designing and implementing a suite of metrics to manage information risk and security systematically, effectively and efficiently; reviewing, evaluating and improving existing metrics.
- Security maturity - benchmarking, i.e. reviewing an organisation’s information risk and security situation relative to good practices in the field, recommending and justifying improvements where appropriate.
- Assurance - IT audits; ISMS internal audits & management reviews; data center & site/installation audits; software development project audits; cloud supplier assessments/audits; pre-certification audits (readiness checks) ...
- Arbitration - independent, unbiased expert assistance to review, understand, challenge and respond appropriately to IT audit reports, nonconformities, supplier assessments etc. (this is NOT legal advice!)
- Interim management - holding the reins, stabilising the situation and assisting with the recruitment and coaching/mentoring support of a replacement CISO or ISM.
* We don’t supply ISO27k support tools ourselves (aside from document templates), and we have no commercial or sales/commission relationships with tool suppliers. Come to us for competent independent guidance and truly dispassionate advice. We have no axe to grind, except yours.
Copyright © IsecT Ltd. 2023