assurance consultancy
Key areas of Assurance expertise include:
Information security management:
We will help you to develop and implement effective and appropriate policies, procedures and working arrangements to manage your information security, which is so fundamental to the effective governance of your organisation. We draw on the experience and expertise of our security testing division to offer a complete information security solution. Using international standards for information security management such as ISO 27001 (formerly BS7799) as a benchmark, we consider all aspects of your physical and network security, including personnel, systems access control and systems development and maintenance, often in conjunction with current and pending governance legislation and guidelines such as PCI DSS.
Working with you to gain an understanding of your current position and the scope of the project, we then develop a gap analysis, supplemented by recommendations for where and how security could be improved and an action plan for achieving these improvements. If appropriate, we also provide an implementation plan to take your organisation through the process of compliance and accreditation and will guide you through or manage the whole process depending on your resourcing capabilities and requirements.
Business continuity and disaster recovery:
We provide comprehensive business continuity and disaster recovery planning services to ensure that your organisation has arrangements in place to protect you from risks such as flood, fire, fraud and the loss of key personnel and suppliers. Using the BS25999 standard for business continuity as a benchmark, we work with you to assess your needs and the risks you face and develop a customised strategy and business continuity framework - a 'living and breathing' plan - that is regularly reviewed, audited and updated to ensure it continues to provide the appropriate levels of business protection.
We can also assist you in developing and implementing effective strategies, plans and procedures as well as helping you to design policies and governance arrangements. Where required, we will assist you to procure third-party supplied services, brief and train staff, rehearse the procedures in practice and audit performance in all key areas. This ensures you are prepared for a range of eventualities and could withstand periods of interrupted operation, avoiding loss of business and customer confidence. We can also guide you through the BS25999 accreditation process if required.
Service management:
We work with you to benchmark your existing IT service support and delivery processes against standards such as BS15000, based on the respected ITIL (IT Infrastructure Library) framework. Focusing on the procedures and systems currently deployed, we identify those aspects that are functioning well, where best practice is currently followed and should be retained, along with any problem areas where service management procedures could be managed more effectively.
The result is a comprehensive assessment of how well you are performing against best practice. We will also identify the gap between current activities and where compliance with the relevant standard may become appropriate. You will receive advice on how to re-design or improve each of the service management procedures and a prioritised action plan that identifies the major tasks to be completed, along with a clear roadmap for whether and how improvements should be implemented.
Risk management:
We help you to understand the risks your organisation faces, the regulatory requirements placed upon it surrounding IT, information security and corporate governance, and the implications of non-compliance.
With extensive experience of translating regulatory and legislative drivers such as the Government Manual of Protective Security, the Data Protection Act, the Freedom of Information Act, the Payment Card Industry Data Security Standard, Public Sector Audit Commission and Best Value Inspections into practical, relevant steps, we help to ensure that risk management and compliance with regulations and guidelines become a business issue that is central to the effective governance of your organisation. We are an accredited PCI DSS Qualified Security Assessor.