
Information Security

What is Information Security?

Information Security is the process by which an organisation comprehensively identifies risks to its information, e.g. a data breach by hackers, and then undertakes steps to minimise or neutralise those risks.

The steps undertaken can be technical, e.g. buying anti-virus, administrative, e.g. introducing an acceptable use policy, or physical, e.g. locking the server room to prevent unauthorised entry.

An organisation then manages these steps by monitoring them to ensure they remain effective in addressing the risks they are meant to control.

An organisation can undertake this whole process by itself, but many prefer to implement Information Security by adopting an international standard. International standards give organisations a significantly better chance of successfully managing Information Security, since they supply a management framework upon which an organisation can base its endeavours.

There are two standards which organisations can adopt - ISO 27001 or IASME Cyber Assurance.

What is ISO 27001?

ISO 27001 is the most well-known standard and is aimed at organisations of any size or function. It brings together many best practices aimed at helping organisations plan for, respond to, and recover from disruptive events.

It implements a "Management System" to help organisations manage business continuity from beginning to end in a systematic, holistic manner.

This systematic approach is a business enabler since it allows your organisation to effectively minimise risks, creating a more robust and resilient organisation, providing better insight into how your organisation functions, and allowing you to plan for the future with more confidence.

It also provides reassurance to customers, suppliers, staff, and other stakeholders that your organisation has effective governance, because it is taking proactive steps to remain viable in the face of threats.

It puts you at a competitive advantage over rivals, since many organisations do not have any business continuity plans and can only react to disruptive events once they occur.

What is IASME Cyber Assurance?

IASME Cyber Assurance is a standard developed by IASME as part of a UK Government-backed project to create an information security standard that would be much cheaper and less complex to implement than ISO 27001.

IASME Cyber Assurance is aimed at SMEs so they can demonstrate their commitment to protecting their own information and that of their customers. It's especially beneficial for organisations involved in supply chains where due diligence into suppliers is carried out.

There are two levels of IASME Cyber Assurance - Level 1 and Level 2.

IASME Cyber Assurance Level 1

IASME Cyber Assurance Level 1 involves completing a series of questions at the same time as the Cyber Essentials questionnaire, and asks about the following processes within your organisation:

Risk Assessments
Policies
Backups
Incident Management
Data Protection
Operational Management

The questions assess how well an organisation manages information security risks in a non-technical manner, that is to say how the organisation manages risks through managerial (administrative) measures, e.g. staff policies, and through physical measures, e.g. CCTV. Technical solutions to risks are great, but for an organisation to manage risk effectively there must be a combination of managerial, technical, and physical measures in place.

IASME Cyber Assurance Level 2

IASME Cyber Assurance Level 2 is a step up from the requirements of IASME Cyber Assurance Level 1 certification. It requires an organisation to successfully complete the following stages:

An in-date Cyber Essentials or Cyber Essentials Plus certification
An in-date IASME Cyber Assurance Level 1 certification
A review of the organisation's information security documentation
An onsite audit from an IASME Cyber Assurance assessor
The completion of any feedback from the IASME Cyber Assurance moderator

The entire IASME Cyber Assurance Level 2 process is designed so that the applying organisation works with an IASME Cyber Assurance assessor who guides them through it from start to finish. Bergerode Consulting have guided companies both within the UK and beyond through this process, so you will be in safe hands from beginning to end.

How Bergerode Consulting can help

Information Security may seem a very imposing undertaking, but it delivers real benefits to those organisations that do take this step. Bergerode Consulting can help you through the entire process from beginning to end.

Bergerode Consulting are ISO 27001 Lead Implementers, ISO 27001 Lead Auditors and a BSI Associate Consultant, and we can help your organisation implement ISO 27001.


Bergerode Consulting are an IASME Cyber Assurance Certification Body, and we can help your organisation through IASME Cyber Assurance Level 1 and IASME Cyber Assurance Level 2.

Pricing

The price for ISO 27001 Implementation is dependent on the size and complexity of your organisation, and we are confident that we can offer this at a competitive price, so get in touch today.

The price for IASME Cyber Assurance Level 1 is £400 ex. VAT (£480 inc. VAT), which includes 1 free hour of consultancy and help from Bergerode Consulting. Should you require more assistance, this can be provided at a competitive price.

The price for IASME Cyber Assurance Level 2 is dependent on the size and complexity of your organisation, and we are confident that we can offer a competitive price, so get in touch today.