Information should be protected and secure from both internal & external threats and comply to all relevant legislation such as the Data Protection Act 1988 and the Computer Misuse Act 1990. Information Security Management enables information to be shared to the appropriate people whist ensuring the protection of that information.

• Benchmarking - Assessment of the status of information security management within an organisation against ISO 27001, this will then allow the planning of the implementation of a Information Security Management Systems (ISMS).
  
  
• Scope Study - Advice on the implications and suitability of ISO 27001 for an organisation. Assessment of the feasibility, costs and timetable for implementing ISO 27001 and, if required, achieving certification. The scooping exercise may identify areas of supplier or customers systems that may be included in the scope of the ISMS.
  
  
• Gap Analysis - Comparison of existing information security arrangements with those required by the standard, identification of weaknesses and development of a ISO 27001 implementation plan.
  
  
• Risk Assessment - Risk Analysis is the qualification and quantification of risks in a given system and the planning for the appropriate levels of resources to minimise those risks.
  
  To quantify risks, one can measure it as a combination of several viewpoints. Selected examples of such viewpoints are: the potential cost of damage, the vulnerability of the risk and the frequency of occurrence when a single point of security is breached. The analyst can choose to use other viewpoints appropriate to the nature of the organisation. So, the magnitude of a given risk can be perceived as a ‘volume’ based on the three dimensions. Each of the viewpoint can also be assigned weightings. For example, ‘cost of damage’ can be given a factor of two, which usually gives a more accurate reflection of the reality.
  
  Technologies do not sit still, with the continuing advances in computing power, it is becoming cheaper and faster to crack cryptographic algorithms. The means to protect data have to keep up with the adversary, akin to the evolutionary race between prey and predator. Risks in any given systems would have to be revisited and re-assessed periodically.
  
  Last but not least, it is important to note that no matter how many security mechanisms are in place, there will always be security risks in the long term. These risks, however, would be kept minimal with a well executed risk analysis and series of follow-up actions.
  
  
• ISO 27001 Implementation - Delivery of an information security improvement program to achieve compliance with ISO27001, including independent security health check, ISO27001 compliance assessment, extensive security risk assessment, information security consultancy
  follow-up security audit and security awareness training.
  
  
• Certification - Assistance in achieving formal certification through a third party certification agency.
  
  
• Information Security Management - Project and quality management of ISO 27001 programmes.
  
  
• Training and Education - Security awareness for staff and training on all aspects of ISO 27001.
  
  
• Documentation - Writing and implementing security policies, statements of applicability, procedures, manuals and controls.
  
  
• Technical Reports - Our technical staff are highly skilled we design, implement and consult on a wide range of technical information security issues.