Information Security Management Audit Package
Do you want to improve your Information Security, but don't know where to start?
Do you already do some Information Security, but worry that it's not applied consistently?
Are you unsure whether you're doing the right things?
Do you want validation that what you're doing is sensible?
Would you just like some reassurance that what you're doing is appropriate and proportionate for a company like yours?
Let me help you work out where you are, before you decide where you should be going...
How I can help you
Our Information Security Management Audit will determine:
- How well your company understands Information Security and its value, at all levels
- The understanding of Information Security and its value at top management level
- How well Information Security governance is integrated in to corporate governance
- How well Information Security policies and standards are developed
- How well Information Security roles and responsibilites are defined
- How well the effectiveness of the Information Security strategy is measured
- Whether information assets are identified and classified
- Knowledge of legal, regulatory, and other requirements related to information security
- The quality of the risk assessment process
- The quality of the risk treatment process
- How well Information Security controls are designed and implemented
- How well Information Security standards, guidelines and procedures are communicated and integrated in to the business
- How well Information Security requirements are integrated in to contracts and third-party management
- How well Information Security controls are audited
- How well the organisation is prepared for incidents
- How well integrated the incident response plan, business continuity plan and disaster recovery plan are
- Whether incidents are reviewed and lessons are learned
We will provide a report gauging your performance in each area against the desired performance, with specific areas for attention.
Why choose us?
We are independent of any certification bodies, vendors and suppliers, so we can offer impartial advice. Our only interest is to provide whatever is appropriate for you.
Do you want to find out more about how we can help you?
Get in touch