Client Services
The story about how I came into working within data security is told here
Now, semi-retired, I still enjoy discussing security situations and requirements with SME companies – those companies that are thriving within their sector and are fully engaged but have little time or budget left to ensure the stability of their data systems – and I find myself busier than ever
Always happy to discuss any thoughts or concerns a company may have – in total confidence
Business Accreditation
UK companies currently face a constant bombardment of ‘supply chain’ questioning (especially after the introduction of GDPR) around their data protection measures – often having to respond to a huge spreadsheet of questions from a prospective customer’s ‘security team’ – get a Cyber Essentials accreditation to save the constant additional work
Sometimes there are ‘accreditation’ requirements for even getting into a bid process; without the accreditation being current, the bid would be rejected out of hand (a classic example is that local and central Government contracts require a minimum of Cyber Essentials to be held to be considered for a bid) – get a Cyber Essentials accreditation to save the constant additional work
CYBER ESSENTIALS (UK Gov and National Cyber Security Centre / IASME)
A simple questionnaire (Cyber Essentials) with the addition of an external electronic scan (Cyber Essentials Plus) will provide a common platform which most UK suppliers will accept.
I will assist in all aspects and the certificate must be annually re-tested
The ISO/IEC 27000 family of standards helps organizations keep information assets secure.
Using this family of standards will help your organization manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties.
ISO/IEC 27001 is the best-known standard in the family providing requirements for an Information Security Management System (ISMS).
An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process
I will assist in all aspects of the certification process and regularly work alongside a well-respected accreditation company
Audit & Compliance
PCI-DSS audits – both internal and external
Audit of network equipment components, operating systems and vulnerabilities
Audit of server builds and server ‘hardening’ work undertaken
We supply a specialist software product to ensure that all project and compliance work is tracked, auditable and complete
Consultancy
Full or partial consultancy services to suit client requirements
Part-time CISO available
Security Policy Documentation
Full sets of security policies
Internal Staff Training
As it says on the tin – staff awareness training sessions
Phishing campaigns that are guaranteed to reduce staff vulnerability over a 12-month period
What the Hackers See Report
An interesting (and often unnerving) look at your company and its digital footprint on the web; it often highlights forgotten email, user IDs, equipment, etc.