OUR SERVICES
GovAssure Reviews against the NCSC’s Cyber Assurance Frameworks.
What is GovAssure?
GovAssure is the new cyber security assurance approach for government. The GovAssure assurance approach meets the requirements for an objective understanding of government cyber security as set out in the Government Cyber Security Strategy. GovAssure uses the National Cyber Security Centre’s Cyber Assessment Framework (CAF).
GRC Audits has been approved by Crown Commercial Services as a Supplier of GovAssure Review and Assessment services. For more details, go to our dedicated page on NCSC CAF Review Services.

Risk Management & Risk Assessment
What is Risk Management?
Risk Management is the process of identifying, assessing, prioritizing and mitigating risks in order to minimize potential negative impacts on an organisation’s objectives. We offer comprehensive risk management services to help businesses identify, assess, and mitigate potential risks.
– Risk identification and assessment
– Defining your organisation’s Risk Appetite
– Risk mitigation strategies
– Risk monitoring and reporting.
We can conduct risk assessments to help you understand and identify your risk landscape and potential vulnerabilities, and develop strategies for minimizing organisational risk. Our risk assessment services help organisations evaluate and prioritize potential risks based on their likelihood and impact, and organisational risk appetite.
– Risk identification and evaluation
– Risk prioritization
– Risk mitigation recommendations
Cyber Transformation, Gap Analysis and Roadmapping.
What is Cyber Transformation?
Cyber Transformation refers to the process of implementing changes and improvements in an organisation’s information and cybersecurity practices, technologies, strategies and governance in order to enhance its overall cyber resilience.
What does Cyber Resilience Mean?
Cyber resilience is an organisation’s ability to prevent, withstand, and recover from cybersecurity incidents. It combines elements of business continuity, information systems security, and organisational resilience (i.e., BCDR).
We can provide gap analysis against various frameworks and provide you with a roadmap to achieve certification against those frameworks, and ultimately improve your resilience to cyber threats. We assist organisations in transforming their cybersecurity practices to align with industry best practices and emerging threats.
– Cybersecurity gap analysis and roadmap to resilience.
– Importance of Security architecture in designing IT Infrastructure
Business Continuity and Disaster Recovery
What is Business Continuity and Disaster Recovery?
Business Continuity and Disaster Recovery is also known as BCDR. It involves planning and implementing strategies to ensure the continuity of critical/essential business operations in the event of a disaster or disruption. Our BCDR services help organisations develop and implement strategies to minimize downtime and recover their critical/essential business processes quickly following any disruptions.
– Business impact analysis
– BCDR strategy development
– BCDR Implementation
– Testing and maintenance
Supply Chain Security
What is Supply Chain Security?
Supply chain security is a multifaceted discipline that encompasses various aspects of safeguarding the supply chain, so that products and services are delivered not only in a timely and efficient manner but also securely, without disruption or risks to your organisation, product integrity and data security. We provide comprehensive analysis of security risks in the supply chain to help organisations ensure the integrity and security of their products and services.
– Supply chain risk assessment
– Vendor evaluation and monitoring
– Security controls implementation
Implementation of Security Standards & Frameworks.
As you will see, our team have a vast amount of experience and expertise. We can help you align to, prepare for and/or formally implement any of the following.
Below is a list of our products, which are made up of international standards, schemes and frameworks:
– GovAssure Review – Compliance against NCSC’s Cyber Assurance Framework (CAF).
– ISO 9001:2015 – Quality Assurance
– ISO 22301:2019 – Business Continuity Resilience
– ISO/IEC 27001:2022 – Information Security, Cybersecurity and Privacy Protection
– ISO/IEC 27017:2015 – ISO 27001 for Cloud Service Providers: This is a code of practice, an extension to ISO/IEC 27001:2022 and ISO/IEC 27002. It provides additional security controls for cloud service providers and for cloud service customers.
– ISO/IEC 27019:2017 – Information security controls for the energy utility industry.
– ISO/IEC 27018:2014/2019 – Code of practice for protection of PII in Public Clouds acting as PII processors.
– ISO/IEC 27701:2019 – Extension to ISO/IEC 27001 and ISO/IEC 27002 for Privacy Information Management (PIMS)
