OUR SERVICES

1. Vulnerability Assessment & Penetration Testing Services

We offer a comprehensive range of penetration testing services to discover vulnerabilities in your systems, performed by CREST- and OSCP-certified penetration testers.

How will your organisation’s infrastructure hold up against a real cyber attack? Are you confident that business systems are configured correctly, and that your security operations team will detect a malicious intrusion?

A vulnerability assessment and penetration test is the first step any organisation should take to start managing information risks correctly.

Vulnerabilities and exposures in most environments are the result of poor system management: patches not installed in a timely fashion, weak password policy, poor access control and similar failures. The principal objective of security assurance testing should therefore be to identify and correct the underlying systems management process failures that produced the vulnerabilities detected in the assessment, not merely to fix the individual findings.

Each engagement is followed by a debrief session to ensure that the report on the issues found is fully understood and that the likely impact of each issue has been agreed. After discussing the findings, we will clearly explain how each issue came to exist in the first place, given the context you have provided, so that the same management failure does not cause a recurrence of the identified issues.

2. ISO 27001/ 27017 & 27005 Consultancy & Risk Assessments

ISO 27001 is the internationally recognised certifiable standard for information security management; ISO 27017 extends its controls to cloud services and ISO 27005 provides guidance on information security risk management. Together they demonstrate to customers, partners and regulators that your business has information security and data protection under control, both on-premise and in the cloud.

Where other information security frameworks are prescriptive, the ISO 27000 family follows a risk-based approach, ensuring that the security controls implemented are appropriate and proportionate both to the assets to be protected and to your organisation’s appetite for risk.

Annex A of ISO 27001:2013 covers 14 information security domains and consists of 114 security controls, ensuring that all information assets, covering people, processes and technology, including suppliers and vendors, are secured.

As a risk-based information security management framework, ISO 27001 (with ISO 27017 for cloud services) is generally regarded as the means by which organisations can demonstrate the ‘appropriate technical and organisational measures’ required for personal data under regulations such as the UK DPA (Data Protection Act) and the EU GDPR (General Data Protection Regulation).

Our ISO 27001/27017 & 27005 consultants have decades of experience implementing these standards in numerous organisations, and maintain deep domain expertise in cyber security and data protection (including certifications such as ISO/IEC 27001 Lead Auditor, ISO 27001 Lead Implementer, CISSP, CISA and/or CRISC).

We also provide a variety of ongoing Managed ISMS services to our successfully certified clients, often participating in Information Security Risk Assessments, supporting Internal ISMS Audits, external visits and other activities.

3. EU GDPR Compliance Consultancy & Assessments

Data breaches are increasingly making weekly headlines in the news. Whether a breach is accidental or malicious in nature, performed by an insider or an external attacker, it is the loss of data which causes the reputational and often large financial impact to the business.

Organisations have for a long time been playing catch-up in regard to data security and protection. Due to a number of high profile data breaches, industry regulation is increasing its focus on ensuring organisations have in place appropriate protection for personal data.

Under the EU GDPR (General Data Protection Regulation), adopted on 27th April 2016 and enforceable from 25th May 2018, organisations handling the personal data of EU data subjects can be fined up to €20 million or 4% of global annual turnover for the preceding financial year, whichever is the greater. They must also retain personal data only for as long as necessary, notify the supervisory authority within 72 hours of becoming aware of a personal data breach, and notify affected individuals without undue delay where the breach is likely to result in a high risk to them. The UK ICO is also seeking to align UK legislation and penalties with the regulation.

This represents a challenge for organisations without visibility and control of the type of data they handle, where the data is located and which regulations apply to it.

The UK’s decision to leave the EU, or ‘Brexit’, has introduced uncertainty about the GDPR; however, the ICO has made clear that the UK will enact the GDPR into UK law, possibly with additional requirements. This is because trading with EU member states will require compliance with the GDPR as a minimum.

We can help organisations to understand what they need to do to get ready to comply with the GDPR.


4. Payment Card Industry Data Security Standard Consultancy & Assessments

Organisations storing, processing or transmitting payment card data are required to demonstrate compliance with the Payment Card Industry Data Security Standard (PCI DSS). The aim of PCI DSS compliance is to provide assurance to customers, acquirers and the card brands (Visa, Mastercard, American Express and JCB) that adequate IT security controls are in place to reduce the risk of cardholder data theft and payment fraud.

Consisting of 12 requirements and around 300 sub-requirements, PCI DSS is both prescriptive and comprehensive, which can prove overwhelming to small businesses and large enterprises alike.

The steps for demonstrating compliance depend on the merchant level of the business, which is determined by annual transaction volume, and range from a Self-Assessment Questionnaire (SAQ) through to an annual on-site assessment by an external Qualified Security Assessor (QSA) resulting in a Report on Compliance (RoC).

Whether you are a small business requiring assistance with a Self-Assessment Questionnaire (SAQ), or a large enterprise handling millions of payments and requiring support for a remediation programme, we can help.

Our range of PCI DSS compliance services, delivered by our team of qualified PCI DSS security consultants, can provide advice, reduce complexity, and manage your company’s journey to achieving and maintaining compliance.

5. Cloud Security Assessments & Certifications

Cloud is everywhere, and it has people both excited and nervous. It offers benefits, to consumers and to businesses, that are still only beginning to be realised. The reduction in hardware cost and software ownership is unquestionably a major attraction for organisations from SMEs through to large corporate enterprises, allowing them to focus on what they do best. It also raises security concerns, however: the cloud provider may adopt a different security posture, and manage information differently, from the way the organisation did when its data and processing resided on-premise, and the shared-responsibility model means the customer remains accountable for the configuration, identity and data controls on its side of that boundary. Be that as it may, cloud computing is an unstoppable force, and as security practitioners it is our responsibility to enable the business to take educated risks in order to benefit from what this evolution can offer.

6. SWIFT Customer Security Program Audit & Certification

SWIFT has introduced a requirement, in force from 2021, that every customer’s annual attestation of compliance with the Customer Security Controls Framework (CSCF) must be supported by an independent assessment.

We provide the following services for SWIFT CSP:

a) SWIFT CSP Audit

Validation that controls are aligned with the SWIFT CSP Customer Security Controls Framework, resulting in a controls report issued under a recognised assurance standard (e.g. ISAE 3000).

b) SWIFT CSP Assessment

A detailed assessment of SWIFT CSP controls by leveraging our CSP accelerator.

c) Embedded in Internal Audit

Work alongside our clients' internal audit function to report on SWIFT CSP controls.
