Consultation
Our consultancy and compliance services are made up of a set of professional services to help our clients achieve and maintain compliance with both standards and legislation relevant to their business. Typically carried out over 4 phases, the process lets businesses choose how far they want to go, from an initial exercise to set the scope of the work they need to complete through to full certification and ongoing management of compliance issues.
Phase 1: Scoping
Typically a short, sharp three-day exercise designed to establish the scope of work needed to achieve compliance with the chosen standard(s). A consultant will work with you to define the systems and business processes to be included in the program.
Phase 2: Gap Analysis and Remediation Planning
Phase two will help you to determine the level of risk your organization faces and the degree of conformance or otherwise with the chosen standard(s). It provides the foundation for the remainder of the compliance program.
We will work with you to:
- Review your IT infrastructure, network design, applications, Information Security policies and procedures;
- Arrange Network Vulnerability Scanning / more extensive Penetration Testing which meets specific standards requirements;
- Carry out gap analysis between your existing arrangements and the controls required by the standard(s);
- Develop and prioritize recommendations to mitigate risk and address issues of non-compliance;
- Develop a plan to address those risks and move to a position of compliance.
Phase 3: Remediation Consultancy
Depending upon your requirements we offer a full range of consultancy services in support of remediation activity, including:
- Policy development
- Infrastructure consultancy
- Applications consultancy
- Trusted advisor services
Phase 4: Audit and Certification
We will manage and carry out independent audit or support self-assessment as appropriate to your requirements. Where desired, we can also arrange independent certification for your organization against the standard(s) required.
Phase 5: Ongoing Compliance Management
We can assist you with the ongoing management of your compliance through:
- Arranging regular quarterly network security scans;
- Ongoing internal audit and remediation planning;
- Provision of remediation consultancy, including "trusted security advisor" services;
- Re-certification audits.
Reporting
All our reports are produced in easy-to-read English that can be used throughout the business. This includes use of graphical tools to enable senior management to assess the levels of compliance at a glance, which is essential for maintaining good governance practice.
We will also provide a high-level, business-focused summary of the project to a management-level audience, along with a more detailed technical summary designed to enable in-house technical teams to develop solutions appropriate to the business.