Security
What we can do for you

Together with our partners we cover aspects of security. We are engaged in topics ranging from security strategies, governing frameworks and standards to providing awareness, giving training, and conducting IT and security audits and technical penetration and vulnerability assessments.

Some examples of our capability:
  • Implementation of ISO/IEC 27001 or alignment with the standard
  • Risk assessments of suppliers providing IT services through outsourcing or cloud services
  • General Data Protection Regulation (GDPR) projects: gap analysis, and generating and developing security measures to govern and protect privacy data
  • Investigation of security incidents and intrusions
  • Penetration and vulnerability assessments
  • Project manager for security-related projects
  • Continuity and disaster recovery planning
  • Security training and awareness presentations
  • Internal auditor (ISO/IEC 27001)

How we can do it for you

We engage in security work through short initiatives or long-term engagements. Short-term work is often in projects where we provide our expert skills: conducting gap analyses, developing and implementing security standards and frameworks, or conducting security audits. In long-term engagements, we take an active role within the organisation to handle security-related questions and incidents, and also act as internal auditor for organisations that are ISO/IEC 27001 certified.

We are internal auditors for ISO/IEC 27001 in an integrated management system. ISO 13485 for medical devices had been implemented for several years as the organisation's quality management system, and ISO/IEC 20000-1 IT Service Management and ISO/IEC 27001 Information Security were implemented into the same management system. Our task was to conduct the annual internal audit, and it covers audits both in Sweden and in the UK.

As the magnitude of individuals, networks and organisations perpetrating cyber-attacks grows and their skills improve, mitigating the risk of those attacks requires substantial effort. That effort also includes third-party risk assessments of, for example, suppliers, business partners, stakeholders and sometimes also customers. We work with these types of third-party assessments in projects, within the security or procurement department.

A solid security framework, initiated by a security strategy and covering policies, procedures and guidelines to assess and manage security risks, is important. We have developed several such frameworks and have redesigned them to respond to changing requirements. The objective can be to align with ISO/IEC 27001 and also to prepare for an independent audit according to an audit standard like SSAE16 or ISAE 3402.