Clayton Security Services
What we can do for you.
ISO/IEC 27001

If you are thinking about implementing an Information Security Management System (ISMS) that is compliant with ISO 27001, or you want to be certified, our team can help. The first step is to review the current status with a gap analysis in order to determine what needs to be done to bring your organization up to the mark. Essentially this is a health check of the state of security of your organization, looking at the threats that endanger the Confidentiality, Integrity and Availability of the assets that you wish to protect. These assets could be physical, but more often it is the information that constitutes your organization, as this is generally the target of a cyber attack.

This step will include a justification as to why you need ISO 27001 and whether you just wish to comply with the standard or become certified and what this means in terms of benefit versus cost. It is worth remembering that certification is not just a tick-box exercise and it will need to be maintained at an ongoing cost to your organization.

Then, if you wish to proceed, we will steer you through the process, starting with identifying the scope of implementation and the functional / operational boundaries of the ISMS. Out of this will come a risk analysis which will allow the organization to identify the controls that are appropriate and how best to apply them. This will be documented in a Statement of Applicability (SoA) that will subsequently be used by the external assessors to understand your ISMS.

It is important to bring your staff along on the journey, so an early introduction to the process is required to engage with employees, to ensure they buy in to the ISO 27001 certification process and respond appropriately, and to help them understand the benefits to individuals, the organization and clients.

The ISMS will require extensive documentation in order to describe its focus. The standard mandates a Scope Statement, a Policy Statement, a Statement of Applicability and a Risk Register. However, there are some documents that are implied by the standard and used to manage the ISMS, such as an internal audit framework, a management review policy, a document management policy and an effectiveness measurement policy. Finally, in order to mitigate the risks addressed by the controls in the standard, you may decide to extend your organization's policies. Examples of this could be an acceptable use of assets policy, a clear desk and screen policy, an information classification policy and an information asset register. There are many more that are required before the stage 1 audit in the certification process, which is often called a document review. We can even write them to your requirements.

Assuming you pass the document review, there is a stage 2 or certification audit, where the assessor will look to see that you really are putting into practice what your documentation states.


Throughout this process our team will guide you through the maze with advice on the most efficient way to satisfy the requirements of ISO/IEC 27001 certification. Generally, the process takes about 10 months for a company of 70-100 staff. Smaller companies can take less time and larger companies can take longer.

Needless to say, we can help you if you have started the process and lost your way.


EXISTING CERTIFIED ISMSs

Maybe you already have an ISO/IEC 27001 certification and need some help. Perhaps the person running the ISMS has left the company or is on extended leave. Whether it is to prepare for a surveillance audit or to complete the missing internal audits required by certification, our team can help here too. We have experienced consultants and lead auditors for ISO/IEC 27001 who can step in and sort out what needs to be done to keep the certification. We can even supply Virtual Security Officers to run your ISMS for you.

SECURITY AWARENESS TRAINING

One area of Information Security that is often neglected is the human element. You can put all the technical controls in place and it is all for nothing if a member of staff clicks on the link in a phishing email. Are you confident that your staff could recognise a phishing email, a vishing phone call or a smishing text message? Our team includes Psychologists who have identified the principles of social psychology, consumer psychology and behaviour change that these attacks draw upon. They may, for example, use a fear appeal or invoke a sense of scarcity or urgency if the recipient does not act quickly. Our training focuses on presenting the danger to home life as well as in the office. If your staff can identify an attack on an asset they cherish at home, then they can do the same at work. Our aim is to turn the staff from points of failure into points of control.

And our psychologists have turned their sights on our awareness program itself, with a view to making it engaging as well as informative.

General Data Protection Regulation (GDPR)

On the 26th April 2016 the EU ratified Regulation (EU) 2016/679, the General Data Privacy Regulation, which repeals Directive 95/46/EC, called the Data Privacy Directive. Unlike the directive, which requires member states to enshrine the directive in local law after a certain time, this is a regulation and so applies directly in member states and is enforceable through the Court of Justice of the European Union (the ‘Court of Justice’) and the European Court of Human Rights.

We have examined all 11 Chapters, 99 Articles and 88 pages (see our review). We can help you unwind it and apply it to your business so that your organization is ready for 25th May 2018. We have written an implementation compliance standard which is available free here.
 


Contact us