What you need to think about
To ensure that your information security management system (ISMS) based on ISO 27001 is appropriate and effective, it is necessary to understand what it will apply to. This is known as setting the scope of the ISMS and is a requirement of the ISO 27001 Standard.
There are two factors to consider when it comes to setting the scope: what is going to be in scope and what is going to be out of scope.
For some businesses, particularly those that are smaller or of relatively lower complexity, this is a simple operation, as they are likely to include everything.
Some businesses may have reasons to exclude parts of their business, whether that be because they are large and don’t want to take on too big a task or because they are restricted in some way, e.g. lack of finance, short timescales.
How we help!
We pride ourselves in providing appropriate and practical consultancy services, specialising in information security, business continuity and risk management.
Our overarching goal is to assist you and your business to achieve the level of information security, business continuity and risk management that corresponds with the objectives, goals and requirements of your business as a whole.
This is where the collective experience and practical approaches of our consultants come into their own, ensuring that the right levels of resources (time, money and people) are committed to implementing the most appropriate solution.
We assist businesses to comply, or certify, with ISO 27001 Standards for Information Security and Business Continuity, and to comply with PCI-DSS, the Payment Card Industry Data Security Standard.
Our main objective with any compliance/certification project is to work closely with you and the business to ensure that any implementations not only meet the Standards’ requirements but are also appropriate and relevant to your business’s culture and size.
What we can do for you
Embracing a risk-based approach
We believe we can help add the greatest value to the business. We have the risk assessment methodologies and software tools to enable you to identify your greatest information security or business continuity risks, in a practical and understandable manner.
Adopting this approach, you will be able to save time and money by prioritising and implementing controls (technical, people, policy and process-related) that are appropriate and relevant to you.
Our team of experienced practitioners are always looking to improve and refine our approach so you can benefit from how we have overcome different hurdles and challenges in the past.
A key aspect of our approach is to transfer as much knowledge and as many skills as we can whilst working with you. This enables you to become self-sufficient in developing your information security, business continuity and risk management practices.