Other services we offer

 


ISO 27001 Consulting Services

ISMS scope determination and optimization

Scope determination is critical to a successful ISO-27001 certification effort. The scope needs to be broad enough to ensure that it will satisfy key stakeholders (e.g., clients, shareholders) but narrow enough to ensure the initial effort remains manageable.

Risk assessment

Risk Assessment/Management is fundamental to an ISMS. We believe that ISO-27005 has an advantage over many other Risk Assessment standards in that it is well suited to a non-asset-based approach. This “information and the processes that act on it” approach yields a much more intuitive process that drives far greater value in less time. While we are advocates of ISO-27005, we also use other standards including OCTAVE, OCTAVE-S, NIST SP 800-30 and NZ-AST 4360.

ISMS gap assessment

Understanding the gap between the current and desired state of the Information Security Management System (e.g., ISO-27001) is a key input into a “Prioritized Roadmap” (Gap Remediation Plan).

Prioritized roadmap definition

Roadmaps define the activities, approach and responsibilities necessary to address identified gaps in the time-frame required to achieve project objectives, including certification.

Policy, standards, and procedure support

Policy, standards, and procedures (PSPs) form the backbone of any ISMS. Remarkably, although PSPs are the most basic elements of an ISMS, they are also among the most complex to implement effectively. This is largely due to the comprehensive and inter-dependent nature of PSPs.

Code reviews

We can provide code review services where required.

  • Across multiple common industry-standard development platforms.
  • Static code analysis for the identification of common vulnerabilities.
  • Manual review of vulnerabilities.
  • Testing vulnerabilities if required.
  • Detailed reporting on potential vulnerabilities, including the assessment of false positives.

General Security Assessments

Whilst our team's focus centres on PCI-related assessment work, we are all security professionals. As such, we can complete general security assessments to assist in securing your working environment. The focus of these assessments is broader than card data and addresses ways to secure your Personally Identifiable Information (PII). Outputs of these assessments are similar to our standard gap assessment reporting.