Policy and Process Support Services
Policy and Process Review
All companies have policies and processes and these can become prohibitive to the company progressing. Our review service will look at your business and review the appropriate policies and processes and provide assistance on how they can be improved. This will help you maintain security but also allow better flexibility. The review process can also develop a remediation plan and roadmap to show the activities and time scales associated with each to get to where the business needs to be.
Example Review Process
Example Review Process
- Review of existing policies
- Review of policies against the business risk profile and operation
- Workshops with stakeholders to discuss business operations and functions focussing on Data useage, access and any current benefits or barriers
- Analysis of results
- Development of activity Roadmap
- Development of Gap anlysis and policy remediation plan
- Presentation to stakeholders
Policy and Process Development Services
All businesses need to document the boundaries and the way in which it wishes risks to be managed, both internally and by 3rd parties and suppliers. Our approach will allow the development of policies and processes that work within the organisations requireemnts while maintaining flexibility. Areas covered but not limited to: Joiners, Movers and Leavers, Data Retention, Data classification, IT user, Security Management policies, Data handling and Data distruction.
Example Process
Example Process
- If a process review had been carried out this process would continue on to follow the remediation plan.
- If no policies or processes were in existance or if the client wishes to start again we would need to understand what the aim of the policies and process' are. If Risks and business process' have been suitably mapped we would work with the client to develop a suitable approach
- If enough information is not available it would be recomended that a business review takes place first
ISO 27001 Implementation
Implementing ISO 27001 for your organisation can be daugnting. our ISO 27001 specialists can help you develop the right approach for your business to the necesary security controls . This in turn will work towards ISO 27001 certification. Our specialists will help you develop all programme plans and work through the statement of applicability. We can then either hand over the delivery to you and support or carry out the full implementation. We can tailor the approach to meet your needs.
Example Areas of Focus
Example Areas of Focus
- Review and develop the context of the orgnaisation
- Implementation and development of the statement of applicability
- Work with senior stakeholders to gain support
- Develop the plans for the necesary elements required to meet the ISO 27001 Standard
- Identify all elements of Support needed
- Review all elements of the operation focusing on planning, control, information security risks and risk management
- Develop the performance evaluation system
- Development of continuous improvement plan
- Management of all Audits (If required)
- Organisation of Audits both internal and final external audit
- Full Security control development and implementation covering all aspects of People, Policy and Technology
Compliance Support Services
Meeting the necessary regulatory and compliance frameworks for your industry or country should not be managed as a box ticking exercise. Our specialist can provide fixed price programmes to help you achieve compliance for regulations relevant to your organisation. We can help with areas such as GDPR, PCI DSS, SOX, NIST etc.
Example Process
Example Process
- Review of existing compliance controls against the existing regulation or framework
- Review of current security/business controls against the current business risk profile, operation and regulation/framework
- Workshops with stakeholders to discuss business operations and functions focussing on the key areas of the regulation/framework.
- Analysis of results and initial findings presentation
- Development of remediation activity roadmap
- Development of compliance remediation plan
- Presentation to stakeholders
- Remediation plan management
- Remediation plan implementation