Consultancy

Expert security advice when you need it

Assistance where you need it

Whether you are at the beginning of your journey or just want confirmation you are on the right path.

Whatever your security project, we would love to help. We are experienced in a number of common certifications, accreditations, regulations and general security “best practices”, and we have years of experience managing security projects for businesses to ensure that they meet their objectives.

Compliance and regulations can be complex and time consuming to implement. Let us help by bringing years of experience of driving organisations through security projects and certification: we will provide all the required documentation, records, logs and tools needed to achieve your security goals within your timelines.


ISO27001

The Information Security Standard

ISO27001 shouldn't be complex. The Information Security Management System that is created during implementation has to be managed long term, but most importantly it needs to work for you.

Let's start by getting rid of the old myth that this is all about IT. ISO27001 covers the entire organisation and needs buy-in from the top, but we'll be honest and realistic: a considerable amount of effort will fall to IT. We operate in a digital age and technology is used to implement security across businesses. The key is that IT should not own this process; company policies should drive compliance, and this needs to be driven from senior leadership.

We can't sell you ISO27001: the decision comes from within! We can, however, advise on the benefits of implementing ISO27001 and work with you on implementation all the way to UKAS accreditation.

We will build and customise policy documents with you to define your security operations and management. Our implementation builds security around you instead of trying to bolt it on. We'll help create any required operational processes and provide guidance on improvements to existing processes, and we have a number of templates to provide a solid starting point.

We have analysed and deconstructed the standard to provide a complete delivery solution, while keeping the process as streamlined and adoptable as possible.


PCI-DSS

Precise Complex Infuriating

In 2004 the card brands came together to publish the Payment Card Industry Data Security Standard (PCI-DSS). Since then it has continued to evolve, and it is a contractual requirement for any company that processes payment cards backed by the major brands:

  • Visa
  • Mastercard
  • AMEX
  • Discover
  • JCB

PCI-DSS can be a complex implementation due to scoping challenges and the need to understand potentially over 400 controls (v3.2). Scoping done correctly can significantly reduce both your risk and the work required to maintain this compliance headache.

We start with a half-day or full-day assessment, depending on the complexity and size of the engagement, to assess your current PCI environment. We will provide a documented report on findings, with recommendations to simplify your compliance and how we can assist further if required.


GDPR

Getting Data Privacy Right

On May 25th 2018 GDPR became the legal marker for Data Protection and Data Privacy, although published statistics show that companies have still not implemented the controls required to manage the many expectations of GDPR.

We can provide advice and guidance across the 6 principles of GDPR, helping bring data privacy to the core of your business operations.

We train all staff in GDPR with a GCHQ Certified training course to practitioner level to ensure we can provide accurate and consistent advice.


Information Security

A determined attacker will look at all attack vectors

We are firm believers that compliance does not equal secure. We understand that compliance completed in the true spirit of the implementation requirements can increase security significantly, but there are some basic flaws in the requirements; for example, PCI-DSS only mandates 8 character passwords, which we don't think goes far enough. That is why, when we implement any of the above standards, we will drive security rather than compliance minimums.

Compliance can bring commercial benefits, and ISO27001 or PCI-DSS for service providers can improve customer confidence. We will work with you every step of the way on your journey to an increased security posture.