ISO / IEC 27001:2005

This Certification has been likened to a licence to trade. If you do not have sufficient Information Security Management Systems in place, then some companies will not trade with you as they will not trust your ability to keep their information safe.
Indelible Data Consulting will guide you through implementing such systems and ensure your place in the supply chain.

PCI Compliance

If a business is set up to take credit cards by any mechanism, then it needs to be compliant. It is a common misunderstanding that small concerns handling only one or a few credit cards a year are exempt from these standards.


Data and Cyber Security • Consultancy • Auditing • Training • Business Continuity

Indelible Data provide information security advice, ISO 27001 Security Lead Auditing Services and PCI Compliance consulting to companies of any size - whether you are a small trader who doesn't know how to form a Disaster Recovery or Business Continuity Plan, or a large company that is concerned about the handling of sensitive data internally or within the supply chain.

*** ALERT *** All NHS organisations are mandated by the Department of Health to carry out and publish an Information Governance assessment using the IG Toolkit by 31 March 2013. Click here if your practice needs assistance implementing any of these requirements.

What we do

• Formation of policies and procedures.
We will get to know your business and create policies that will ensure the vulnerable areas are highlighted and the risks mitigated.

• ISO 27001 Security Auditing.
We audit the security of your company against the ISO 27001 standard. Our services are of particular use to smaller companies that do not have the internal audit capabilities required for the standard. Larger companies may wish to use our services to audit other companies in the supply chain to ensure they are keeping their information secure.

• Data Security Consultancy.
We will advise you of vulnerabilities in your network, personnel and physical infrastructure.

• Information Security Awareness Training.
Courses can be tailored to your needs - whether it is employee security awareness as part of a company induction - or ensuring IT staff have sufficient knowledge of current threats, vulnerabilities and countermeasures. Students are encouraged to get into the security mindset and place a relevant value on the data they own. Using real-life examples of scams together with demonstrations of software vulnerabilities and exploits, our presentations are lively and eye-opening.

What we know

Threats to the confidentiality, availability and integrity of data stored on computer systems do not come only from cyber attacks by skilled hackers bypassing hi-tech Intrusion Prevention Systems or from natural disasters; they also come from staff divulging too much information to strangers without any policies or procedures in place to guide them on best practice.

Security in the supply chain

Customers must be confident that:
  • Their confidential information is secure
  • You have business continuity plans in place
  • You are following ISO 27001 principles
  • Security plans are current and relevant

Comply with legislation

You may face penalties if:
  • You divulge sensitive information
  • Security measures are ignored
  • Client confidentiality is breached
  • Security plans are out of date

How vulnerable is your company to, for example, a new recruit divulging their password - or downloading a program - because the person on the phone claimed to be from the IT department?

The increased use of USB drives, unrestricted use of the internet, personal e-mail such as Hotmail, and instant messaging all introduce significant security gaps into the modern organisation.

Business Continuity

We will help you:
  • Formulate a plan
  • Test the plan
  • Improve the plan
  • Keep the plan up to date

Disaster Recovery

We will help ensure that backups are:
  • Safe
  • Secure
  • Easily made available
  • Routinely Tested

What you should know
The cost implication of lost or stolen information:
  • to your reputation
  • to recreate
  • if found by a competitor

What should be done
Information Security should start at the beginning of every process - such as its inclusion within the induction material given to new starters and at the planning stage of new premises, networks and applications.
If you are embarking upon an Information Security Management System (ISMS) such as ISO 27001:2005 and don't know where to start, then give us a call so we can help.