
Information Security Consultancy


Overview

Every day the press carries stories of security breaches, data losses and an ever-growing list of vulnerabilities in IT systems that need to be addressed, and many organisations worry about becoming the next headline. Since the arrival of the Internet, organisations have been forced to re-examine their security infrastructure, especially where they must open their information systems to customers, partners and suppliers to stay competitive. An incomplete or outdated security solution puts your organisation's information resources at risk, and a single breach can cause serious loss to your organisation and its reputation.

Although it may be difficult to implement a comprehensive security programme that manages and controls all of your information assets at once, the risk of a breach can be minimised by putting appropriate controls in place. To do this, all of your assets must be identified and the risks to them evaluated, so that controls can be selected that reduce those risks to an acceptable level.

Consequently, more and more organisations are exploring the benefits of implementing best-practice information security management using ISO 27001 as the requirements standard, ISO 27002 as supporting guidance, and the rest of the relevant ISO 270xx family where it applies.

ISO 27001 was formerly a British standard (BS 7799-2) and is now the international standard for:

  • establishing;
  • operating;
  • maintaining;

an Information Security Management System (ISMS).

Service Offering

BCRM is uniquely placed to assist you: we not only develop and implement information security solutions appropriate to your business, we have done so for ourselves and have been certified to ISO 27001 to prove it. Unlike some, we can 'walk the walk'.

BCRM has developed its own methodology based on ISO 27001 that contains an Information Security Management Policy and all of the processes, procedures and plans that are required to develop an Information Security Management System (ISMS) based on the Deming cycle of:

  • plan;
  • do;
  • check;
  • act;

that all of the major management system standards have adopted.

BCRM's ISO consultants are all ISO 270xx experts. Many are qualified IRCA Certified Auditors and Principal Auditors, rather than people who have merely attended a Lead Auditor course, and they have implemented a number of ISO 27001 systems that have gone on to be certified.

Approach

The BCRM approach to ISO 27001 covers:

  • risk and vulnerability assessment;
  • definition of the scope of certification;
  • gap analysis;
  • development of the Statement of Applicability (SoA);
  • documented procedures;
  • awareness training;
  • review and maintenance of the ISMS;
  • assistance in gaining ISO 27001 certification.

In addition, the methodology includes the documented procedures that PAS 99 (the specification for integrated management systems) requires of any management system.

As well as delivering ISO 270xx solutions, BCRM has a number of CLAS Consultants who can deliver JSP 440, HMG IS1, IS2 or IS3 and RMADS solutions for government clients.

Benefits

The BCRM approach gives you the ability to:

  • align business needs with information security deliverables;
  • bid for contracts from which you might otherwise be precluded if you were not certified;
  • assure management and customers of the information security levels in place;
  • create an organisational structure that establishes roles and responsibilities for information security management;
  • demonstrate compliance verified by a third-party Certification Body;
  • develop a Statement of Applicability (SoA) that identifies the controls to be implemented to address the risks identified in your organisation;
  • enable interoperability between disparate systems;
  • ensure that a high-level corporate information security policy exists;
  • ensure that an appropriate incident management process is in place;
  • ensure that an information asset register is created and managed;
  • ensure that personnel security issues are highlighted and controlled;
  • ensure that an ongoing compliance and monitoring mechanism is in place;
  • ensure that assets within the defined scope are appropriately secured;
  • ensure that processes and procedures for information security are documented and tested;
  • further information security awareness within your organisation;
  • identify and evaluate the risks to your organisation;
  • increase customer confidence in your products and services;
  • integrate business continuity and information security in a common management system, exploiting the overlap between standards with similar management requirements;
  • make a public statement that you have addressed the information security needs of your own and your customers' data;
  • manage and treat significant risks to reduce them to an acceptable level in line with your risk appetite;
  • validate the adequacy of IT technical security measures, including communications and operational procedures, logical access controls, and systems development and maintenance arrangements;
  • validate the adequacy of physical and environmental security arrangements;
  • validate the existence and adequacy of business continuity and/or disaster recovery arrangements.

Next Steps

  • BCRM is justifiably proud of its 100% success rate in achieving first-time certification through an Accredited Certification Body for its clients;
  • BCRM offers a number of other services;
  • BCRM is committed to providing a consistently high-value service to its clients;
  • David Lilburn Watson manages this process and remains personally 'hands-on' throughout;
  • to understand how the BCRM suite of offerings can be used to transform your business, please contact us;
  • we look forward to discussing your specific requirements at your convenience;
  • we offer a free Health Check for ISO 27001;
  • whatever other type of consultancy you require, we may also be able to offer a free Health Check.