Information Security is the process by which an organisation comprehensively identifies risks to its information,
e.g. a data breach by hackers, and then undertakes steps to minimise or neutralise those risks.
The steps undertaken can be technical, e.g. deploying anti-virus software; administrative, e.g. introducing an acceptable use policy;
or physical, e.g. locking the server room to prevent unauthorised entry.
An organisation then manages these steps by monitoring them to ensure they remain effective in addressing the risks they are meant to control.
An organisation can undertake this whole process by itself,
but many prefer to implement Information Security through adopting an international standard.
International standards give organisations a significantly better chance of successfully managing Information Security,
since they supply a proven management framework on which an organisation can base its efforts.
Two widely adopted standards are ISO 27001 and IASME Governance.
ISO 27001 is the best-known standard and is aimed at organisations of any size or sector.
It specifies the requirements for an Information Security Management System (ISMS): a "Management System" that brings together
established best practice for identifying information security risks, selecting and operating controls to treat them,
and reviewing and improving those controls over time, in a systematic, holistic manner.
Certification against ISO 27001 is granted following an independent audit by an accredited certification body,
which is what gives it weight with customers and regulators.
This systematic approach is a business enabler, since it allows your organisation to minimise risk effectively,
creating a more robust and resilient organisation, providing better insight into how your organisation handles its information,
and allowing you to plan for the future with more confidence.
It also provides reassurance to customers, suppliers, staff and other stakeholders that your organisation has effective governance
and is taking proactive steps to protect its information in the face of threats.
It puts you at a competitive advantage over rivals, since many organisations have no structured approach to information security
and can only react to incidents once they have occurred.
IASME Governance is a standard developed by IASME as part of a UK Government-backed project
to create an information security standard that would be much cheaper and less complex to implement than ISO 27001.
IASME Governance is aimed at SMEs so that they can demonstrate their commitment to protecting their own information and that of their customers.
It is especially beneficial for organisations in supply chains where customers carry out due diligence on their suppliers.
There are two levels of IASME Governance - Self-Assessed and Audited.
IASME Self-Assessed involves completing a series of questions at the same time as the Cyber Essentials questionnaire,
and asks about the following processes within your organisation:
Risk Assessments
Policies
Backups
Incident Management
Data Protection
Operational Management
The questions assess how well an organisation manages information security risks in a non-technical manner,
that is to say how the organisation manages risk through managerial (administrative) measures, e.g. staff policies, and
through physical measures, e.g. CCTV. Technical controls are necessary, but on their own they are not sufficient: for an organisation to manage risk effectively
there must be a combination of managerial, technical and physical measures in place.
IASME Audited Governance is a step up from the requirements of IASME Self-Assessed certification.
It requires an organisation to successfully complete the following stages:
An in-date Cyber Essentials or Cyber Essentials Plus certification
An in-date IASME Self-Assessed Governance certification
A review of the organisation's information security documentation
An onsite audit from an IASME Governance assessor
The completion of any feedback from the IASME Governance moderator
The entire IASME Audited Governance process is designed so that the applying organisation
works with an IASME Governance assessor who guides them through every stage.
Bergerode Consulting have guided companies both within the UK and beyond through this process,
so you will be in safe hands from beginning to end.
Information Security may seem a very imposing undertaking, but it delivers real benefits
to those organisations that do take this step. Bergerode Consulting can help you through the entire process from beginning to end.
Bergerode Consulting is a BSI Associate Consultant with ISO 27001 Lead Implementer and ISO 27001 Lead Auditor qualifications,
and we can help your organisation implement ISO 27001.
Bergerode Consulting are IASME Governance Assessors and we can help your organisation
through IASME Self-Assessed Governance and IASME Audited Governance.
The price for ISO 27001 Implementation is dependent on the size and complexity of your organisation,
and we are confident that we can offer this at a competitive price, so get in touch today.
The price for IASME Self-Assessed Governance is £400 ex. VAT (£480 inc. VAT),
which includes 1 free hour of consultancy and help from Bergerode Consulting.
Should you require more assistance this can be provided at a competitive price.
The price for IASME Audited Governance is dependent on the size and complexity of your organisation,
and we are confident that we can offer a competitive price, so get in touch today.