How we can do it for you
We engage in security work either as short initiatives or as long-term engagements. Short-term work is usually project-based: we provide our expert skills by conducting gap analyses, developing and implementing security standards and frameworks, or conducting security audits. In long-term engagements we take an active role within the organisation, handling security-related questions and incidents, and also acting as internal auditor for organisations that are ISO/IEC 27001 certified.
We act as internal auditors for ISO/IEC 27001 in an integrated management system where ISO 13485 for medical devices had been in place for several years as the organisation's quality management system, and where ISO/IEC 20000-1 (IT service management) and ISO/IEC 27001 (information security) were implemented into that same management system. Our task is to conduct the annual internal audit, which covers sites in both Sweden and the UK.
As the number of individuals, networks and organisations perpetrating cyber-attacks grows and their skills improve, mitigating the risk of those attacks requires a substantial effort. That effort also includes third-party risk assessments of suppliers, business partners, stakeholders and sometimes customers. We carry out these third-party assessments in projects run by the security or procurement department.
A solid security framework, driven by a security strategy and covering the policies, procedures and guidelines needed to assess and manage security risks, is essential. We have developed several such frameworks and have redesigned them to respond to changing requirements. The objective can be to align with ISO/IEC 27001, and also to prepare for an independent audit under an audit standard such as SSAE 16 or ISAE 3402.