What We Do
Our Services
IT Audit
Auditing IT systems to meet regulatory compliance and security goals. Services include:
- User Access Audits to ensure that formal processes for granting, amending and revoking user access rights exist. This includes periodic reviews to confirm that access rights are appropriate.
- Segregation of Duties between IT systems development, testing and implementation activities. For example, this avoids the risk of critical IT processes relying on a single individual.
- Change management to avoid system disruption by ensuring that major IT changes are formally approved, tested and authorised before implementation.
Security Governance Services
We help organisations create formal, holistic and risk-based approaches to Information Security governance. Our services include:
- Security Health Check to provide an evaluation of your security status. We review areas such as policy, network security, incident management, business continuity and compliance.
- Security Organisation and Management Framework Design to enable organisation-wide coordination of security activities. We help define security roles and responsibilities including Board level accountability for security.
- Security Process and Policy Design to help you create security processes and policies in all vital areas of business. We start from your business objectives. Thereafter, we create security processes and policies that meet contractual, legal and regulatory obligations.
- Security Awareness, Education and Training Services to help ensure that employees receive security awareness training and regular updates.
IT Third Party Management Services
Organisations increasingly rely on third parties to provide transaction processing, shared data centres and IT infrastructure services. However, third party providers do not always deliver the promised cost savings, security and improvements. Our services include:
- Independent assessment of third party operations to validate that IT providers are securely handling your data and IT systems. We are experienced auditors with expertise in Statement on Auditing Standards (SAS) No. 70 and IT Infrastructure Library (ITIL) standards.
- Third Party Contract governance to help you get the relationship right. We help you ensure that contracts meet your needs and accepted practice.
IT Architecture Security Services
We help you validate that your critical IT systems such as computer networks are robust, secure and offer suitable platforms to support business objectives. Our expertise covers:
- Review of network configurations, for example the segregation of the internal network from internet/email access and other traffic flows.
- Review of network access control to prevent unauthorised access to networked services. We focus on preventative and detective controls around logical and physical security.
- Review of resilience and high availability provisioning for IT infrastructure to minimise risk of system unavailability.
- Identification of security requirements to ensure that new IT architecture designs address security risks sufficiently.
Data Security and Privacy Services
We help you develop cost-effective processes to identify, handle and protect your critical data. Our services include:
- Conducting comprehensive reviews of your information assets wherever they exist. The goal is to identify groups (internal and third party) that collect, store, use, process and transfer data. We also review policies, data types, systems utilised and map data flows.
- Evaluating Data Classification and Value Frameworks where they exist. The goal is to ascertain that you have assigned suitable categories and value to data in light of your business needs, privacy concerns and obligations to protect data against unauthorised use.
- Designing or updating protection guidelines for information. We pursue a risk-based approach to data security that aligns information value, exposure to threats and protection measures.
- Designing and implementing a compliance programme to ensure that protection measures remain sufficient. We also help you define roles and responsibilities for operating compliance and improvement programmes.