Option 13

Information Security, IT, and everything inbetween

Information Security

Option 13 can help you resolve your Information Security problems, whether you're just getting started, looking for help with a one-off project or looking for occasional support.

Information Security Management Systems

Are you thinking about implementing an Information Security Management System (ISMS) and wondering what's involved? Or has a customer (or potential customer) asked you if you're ISO 27001 compliant, and you're wondering if it will help you gain future business? Already got ISMS, and looking for feedback on it (independent from your certification body) or looking for independent internal audits? We can help you, whether it's an initial investigation into what the benefits, risks and costs of ISMS implementation would be, or if you would like us to go through the whole implementation and ongoing maintenance process with you.

We can help you with all stages of your Information Security programme, including:

Increasing Business Resilience

Are you confident that if something bad happens that you can recover from it? If your critical IT infrastructure fails can you carry on working? What about if you have a virus outbreak on your network, or a malicious employee decides to delete files when they leave? We can help you formulate and test your business continuity plan, disaster recovery plan and incident response plan, as well as maiking sure that they're consistent with each other.

Information Security Governance and long-term planning

If you're a director or senior manager are you concerned that you don't know whether your Information Security programme is delivering value to you? If you're an Information Security Manager are you concerned that the importance of Information Security is not appreciated at board level? We can help Information Security and the rest of the business communicate in language that both can be comfortable with.

If you need help with any of the following, get in touch.

Information Security Awareness Training

If you have an established awareness training programme, but don't have the resources to deliver it across your entire organisation, or if you need help building your training programme, we can help you.

If you need help with anything you've seen mentioned here, or even if you haven't seen it but want an initial discussion, get in touch

Pre-packed Services

Sometimes you don't know exactly what you want, and being able to pick a package is enough...

Information Security Management Audit Package

Do you want to improve your Information Security, but don't know where to start? Do you already do some Information Security, but worry that it's not applied consistently? Are you unsure whether you're doing the right things? Or do you want validation that what you're doing is sensible?

Let us help you work out where you are, before you decide where you should be going...

Our Information Security Management Audit will determine:

  • The understanding of Information Security and its value at board level
  • How well Information Security governance is integrated in to corporate governance
  • How well Information Security policies and standards are developed
  • How well Information Security roles and responsibilites are defined
  • How well the effectiveness of the Information Security strategy is measured
  • Whether information assets are identified and classified
  • Knowledge of legal, regulatory, and other requirements related to information security
  • The quality of the risk assessment process
  • The quality of the risk treatment process
  • How well Information Security controls are designed and implemented
  • How well Information Security standards, guidelines and procedures are communicated and integrated in to the business
  • How well Information Security requirements are integrated in to contracts and third-party management
  • How well Information Security controls are audited
  • How well the organisation is prepared for incidents
  • How well integrated the incident response plan, business continuity plan and disaster recovery plan are
  • Whether incidents are reviewed and lessons are learned

Does this sound like what you want? Get in touch