Information Security
PCML Consultants Ltd has been working with ISO27001, the Information Security standard, for many years, and with the current version of the standard since it was issued in 2013.
The threat of online fraud, hacking, malware infections or information breaches is higher profile than ever and is among the most serious threats that companies face on a day-to-day basis.
We support our clients to develop and implement effective information security management systems and to achieve and maintain certification to ISO27001:2013. Our expertise gives us an unrivalled understanding of the issues that our clients experience as they prepare for certification.
Our ethos of collaborative working allows us to support our clients and ensure they gain maximum benefit from the certification process.
Gaining certification to ISO 27001:2013 helps our clients to reduce the potential for loss of information assets and to make well-informed, cost-effective decisions about risk mitigation and the implementation of security controls. More importantly, it offers our clients a competitive advantage: certification to ISO27001 is increasingly required for participation in commercial tenders, in part as assurance in light of the increasing number of high-profile data breaches being reported.
Our outline Information Security implementation process is available here.
We work in partnership with a number of nationally recognised certification bodies, which complements the consultancy services we offer our clients.
Our tailored information security offering includes:
- Initial application gap analysis
- Risk assessment, mitigation and control selection activities
- Development and implementation of information security policies and procedures
- Internal audit and management review activities
- Staff awareness and training
We offer cost-effective, tailored consultancy propositions. Please contact us for further information.
Information Security System Reviews
Are you considering developing a formal information security management system or does your company already have informal procedures that require review and further development?
PCML Consultants Ltd has experienced consultants who can complete an initial information security gap analysis or a review of existing procedures.
Our experience and ethos of collaborative working allows us to determine the level of support that your company will require, from the review and update of individual policies to the implementation of fully developed document-sets that satisfy the requirements of ISO27001:2013.
We offer cost-effective, tailored consultancy propositions. Please contact us for further information.
Business Continuity
Can you be confident your organisation is ready for anything? Are business continuity and disaster recovery an integral part of your business activities? Are you required to demonstrate your resilience to customers?
It’s not just external issues that can impact your business. Business restructuring or process optimisation can increase the risk of potential points of failure. Are you confident that your business continuity arrangements can help to mitigate your current risks?
Have you tested your resiliency arrangements to ensure that they will not only work, but will manage shareholder, customer or regulatory expectations in a time of crisis?
Our ethos of collaborative working allows us to support you in determining your business continuity requirements.
Based on a process of review, development and implementation, our experienced consultants will help you assess the current state of your business continuity programme and address any identified gaps, including:
- Business Impact Analysis (BIA) – we will assist you to predict the operational and financial consequences of the loss of a critical business activity.
- Risk Assessment – we will assist you to identify and analyse the impact of potential threats to your business so you can mitigate your exposure.
- Strategy and Planning – we will work with you to translate the findings from business impact analysis and risk assessment activities into a robust strategy that satisfies the requirements of ISO22301:2012.
- Exercise and Test Programmes – we will support you to identify any weaknesses in your business continuity arrangements and evaluate the effectiveness of your business continuity plan to ensure it is up to date, functional and properly communicated to staff and other interested parties.
We offer cost-effective business continuity propositions. Please contact us for further information.
Quality Management
Does your organisation have an existing ISO9001:2008 quality management certification that will need to be transitioned to the requirements of the new ISO9001:2015 standard by September 2018?
PCML Consultants Ltd can assist you to review and define your organisational context and identify relevant external and internal interested parties. We can also support you to complete relevant risk assessment and risk treatment activities; review your existing quality management procedures; provide updated awareness training; and support your company to maintain certification and transition to ISO9001:2015.
Is your organisation looking to develop a formal quality management system? Our experienced quality consultancy can evaluate your requirements and support you to develop and implement an effective, uncomplicated system.
Is your organisation looking to review and update existing policies and procedures? Our experienced quality consultancy can show you how to streamline and simplify your system, using effective process mapping that can improve the performance of your quality management system whilst reducing duplication and effort. Your management system should be a powerful tool that underpins efficiency and service improvement. Let us help you avoid being burdened by an ineffective system.
We offer cost-effective consultancy propositions. Please contact us for further information.
Risk Management
Effective risk management is a complicated process. At PCML Consultants Ltd, our experienced consultants will help you to understand what is happening to the information your staff, customers and suppliers have access to.
We can determine whether you are making the right decisions to enable you to effectively manage the threats and vulnerabilities that your business faces.
Our ethos of collaborative working allows us to support you in completing effective risk and impact assessments and associated risk management and mitigation activities. We can also support you to develop the appropriate risk management methodology needed to ensure you implement and maintain the correct approach to information security risk reduction, resilience and business continuity strategies.
These risk mitigation policies and controls are benchmarked to best practice in relevant ISO standards, including ISO 27001:2013, ISO 31000:2009 and ISO 22301:2012.
To reflect the risks associated with the growth in the use of outsourcing by many organisations, PCML Consultants Ltd offers a third-party Information Assurance service. Our experienced consultants can complete an independent and robust assessment of your existing and potential third-party suppliers in order to provide a level of assurance against the risks associated with outsourced supply.
We offer cost-effective, tailored risk management consultancy propositions. Please contact us for more information.
Internal Audits
Internal audits continue to be used to assess the effectiveness of information security provision.
Does your organisation have an ongoing requirement to complete periodic internal audits or a requirement to audit a supplier or outsourced partner?
Are you preparing for an internal audit from one of your clients?
PCML Consultants Ltd has an ethos of collaborative working that allows us to support you and provide professional 1st and 2nd party audit engagements to your specifications, including tailored internal and supplier audit offerings.
We have experienced information security lead auditors who can conduct comprehensive information security audits against the requirements of ISO27001:2013, which will include the following elements:
- Information Security Policy and Standards
- Information Security Controls
- Information Security Risk Management
- Information Security Management System Documentation
- Logical, Physical and Procedural Security Requirements
We also undertake 1st and 2nd party audit engagements that can be tailored to effectively assess the requirements of ISO22301:2012 (business continuity) or ISO9001:2015 (quality management) in relation to your own or your suppliers' management systems.
We offer cost-effective internal and supplier audit propositions. Please contact us for further information.
Training
Does your organisation need to raise the profile of information security or identify and develop staff to complete internal audits? At PCML Consultants Ltd, our experienced consultants can support you by providing information security training and awareness activities, which is the perfect starting point if you are embarking on a new information security initiative.
In order to be effective, information security ownership must be driven by top management. This involves identifying and securing the company’s information assets, including knowledge and experience, physical paper data, filing systems, and perimeter and building security, together with data security.
This commitment by top management underpins the communication of information security requirements and controls to staff, customers, contractors, suppliers and other interested parties, ensuring that everyone in the organisation adheres to the information security policies, procedures and controls.
Our ethos of collaborative working allows us to provide tailored training, awareness and support activities that satisfy your initial and ongoing information security requirements, including executive and staff awareness sessions and internal auditor training activities.
Executive Information Security Awareness
Our experienced consultants will deliver a tailored presentation to senior management to confirm their understanding and awareness of Information Security requirements, trends, legal and regulatory obligations and best practice, which satisfies the requirements of ISO27001:2013.
The workshop covers:
- Information Security Good Practice
- Legal and Regulatory Requirements – what is applicable
- Management Responsibility
- Security Trends – what is happening in the world
- Information Security Risk Management
- Information Security Case Study
Staff Information Security Awareness
Our experienced consultants will ensure that everyone who is required to comply with your organisation’s Information Security requirements is provided with relevant training. This will confirm that they are competent to undertake assigned roles and responsibilities within the information security management system, which satisfies the requirements of ISO27001:2013.
The workshop covers:
- Information Security Good Practice
- Legal and Regulatory Requirements – what is applicable
- Information Security Ownership and Communication
- Information Security Incident Management
- Information Security Risk Management
Internal Auditor Training
Our experienced consultants will deliver formal internal auditor training to confirm attendees' understanding of internal audit practices, audit preparation, completion of internal audits, audit reporting and management of non-conformities, which satisfies the requirements of ISO27001:2013, ISO22301:2012 or ISO9001:2015, as appropriate.
We offer cost-effective training propositions. Please contact us for more information.
