Information security
We work with you to establish, implement, maintain and improve your information security management system (ISMS). Our objective is to lead and guide your staff through the implementation and operation of the system so that you can be self-sufficient. We will provide draft policies and document templates for you to tailor to your needs and to implement and enforce.
Let us help you achieve ISO27001 certification.
Internal audits
We will conduct audits of your information security management system (ISMS) on a monthly basis including mandatory clauses (management framework) and Annex A controls in scope.
| Mandatory clauses | Annex A |
| Context of the organisation | Organisational controls |
| Leadership | People controls |
| Planning | Physical controls |
| Support | Technological controls |
| Operation | |
| Performance evaluation | |
| Improvement |
We manage this on a monthly basis to maintain familiarity with your environment, people and processes so that we can provide the best service to suit your needs.
Data protection & GDPR
What personal data do you have, where is it, what are you doing with it, how are you managing it, who has access to it, how is it protected, how long will you keep it, what if it’s breached, what about the right to erasure?
Let us help you establish the policies and processes to protect your business.
Data Protection Officer (DPO)
We will act as your DPO to ensure you have appropriate technical and organisational measures in place on an ongoing basis. We will establish policies, conduct internal audits, maintain your data controller/processor register, manage subject access requests and data protection impact assessments and if necessary report a breach.
We manage this on a monthly basis to maintain familiarity with your environment, people and processes so that we can provide the best service for your needs.
Cyber Essentials
We will help you establish the appropriate policies, procedures and technical controls to achieve certification. We will help you identify and document your scope, devices, systems and cloud services and complete the application on your behalf.
tjcmorgan 