3 ISO27001 Certifications

FTSE 250 Global Infrastructure Company

Solutions Summary

  • Risk assessment and evaluation
  • Risk management and mitigation
  • Risk Governance
  • Internal Audit Risk Information Security Capabilities
  • Information Security Management Systems
  • Pre-audit health check
  • Certification or accreditation planning and management
  • Compliance remediation and improvement planning

The Challenge

Our client was undergoing rapid organisational change, and in the process significant security capability had left their business. Concerns from external auditors about the upkeep of certifications and accreditations for key government contracts led our client to request that we provide interim leadership over their Information Security function.

After our initial assessment, we supported our client in drastically simplifying and re-embedding their security management practices, turning around and successfully securing their certifications.

Our Contribution

Analysed, redefined and embedded a new consolidated Information Security Management System (ISMS), including:

  1. Shaped and led a compliance improvement programme to resolve/mitigate key non-conformities and risks.
  2. Set the internal audit schedule and developed the internal audit capability.
  3. Reviewed and consolidated the Security Policy framework for three management systems into one.
  4. Reviewed and redefined information security, audit and compliance roles and responsibilities.
  5. Established governance for information security to enable correct business oversight and accountabilities through strategic, tactical and operational forums.
  6. Delivered an HMG IS1-compliant information security risk assessment and treatment methodology for managing information security risks for all in-scope assets.


Ziran: the agile IT governance and management consultancy.