commissum's health check provides an independent assessment of your information security threats
- Security threats materialise as legal and commercial risks
- It is the fundamental legal responsibility of Company Management to ensure that reasonable measures are taken to mitigate security risks.
- The key consideration is a balance between risk mitigation and business priorities in a well-planned security management programme.
Expert independent assessment of security controls and practices:
- Benchmark set and agreed through impact analysis.
- Targets agreed for security relevant to the organisation and business environment.
- ISO27001/2 followed - a proven, comprehensive framework.
- Real value from a short audit period, with minimal client disruption.
Security health check issues
Security threats have the potential to materialise as both legal and commercial risks within an organisation. It is a fundamental legal responsibility of Directors and all levels of Company Management to ensure that reasonable measures are taken to mitigate such risks.
Risks that materialise can affect an organisation in many ways, undermining the confidentiality, integrity and/or availability of critical information and systems. The scope of the health check is wide-ranging, and identification and analysis in some areas will require specialist knowledge.
The key step is to conduct an objective analysis of the risks and of their impact on the assets of the company, and then to achieve a balance between risk mitigation and business priorities in a well-planned security management programme. In this, experience and independence are essential, to achieve true objectivity and avoid overlooking potentially critical issues.
The healthcheck is a broad-spectrum assessment of security, using ISO27001/2 as a framework. It should be considered the minimum starting point for any organisation to ensure its commercial and legal responsibilities are addressed.
Approach
The healthcheck combines inspection, interview and observation to draw up a picture of the effectiveness of a wide range of information security controls. These include organisational and procedural controls as well as security technology.
The elements are:
- Impact analysis: Sets the standard for security achievement based on the impact suffered if security fails.
- Interviews: Meetings with key business staff to evaluate security controls.
- Inspection and observation: Visit and review of significant locations and facilities.
- Documentation overview: Assessment of the completeness and effectiveness of security policies and procedures.
- Analyse and report: Collation and analysis of data and findings, followed by a report presenting conclusions and recommendations.
Security health check customer benefits
commissum provides the customer with an expert independent assessment of the effectiveness of their security controls and practices.
- Benchmark set and agreed early in the exercise through the impact analysis.
- Targets for good security practice defined, relevant to the organisation and its business environment.
- ISO27001/2 provides a proven and comprehensive scoping framework.
- Standard commissum processes and report formats reduce set-up overheads and timescales.
- Real value from a short audit period, with minimal disruption.
"commissum recently provided invaluable advice and support, ensuring the success of our secure remote access project, and has provided us with annual penetration testing and managed service scanning for several years. I would happily recommend commissum to others for their professionalism and quality of service.”
Mr Tim R, IT Director, International Law Firm
