As organisations transact business and handle their employee, customer or supplier data almost 100% via their computer systems, Information Security and Data Protection have become vital aspects of IT management.
Whereas most organisations until recently didn't connect their core systems to the Internet, this is now commonplace and clearly presents a risk: the potential loss, theft or corruption of data (information), whether through administrators or employees making simple internal errors or through cyber threats.
Information Security and Data Protection is about implementing policies, processes and procedures to maximise the confidentiality, availability and integrity of your IT systems and data. This is typically based around an initial risk assessment of your IT resources, followed by writing and implementing bespoke controls to mitigate those risks, which provides a valuable framework for assessing and managing Information Security.
Autorotation Technology's consultants have experience of implementing effective Information Security Management Systems for a number of organisations which have ultimately achieved certification to ISO 27001, the international standard for information security management, or which handle very sensitive data, for example for Government, Healthcare, Financial Services or Non-Departmental Public Bodies.
One output of implementing effective risk management processes has been the adoption of ISO 31000, the standard for risk management, which we have seen many corporate organisations adopt as the framework for their ongoing risk management.
Often, a formal Information Security Management System and/or a formal response to any Cyber Threats is a prerequisite for applying for and gaining insurance policies that provide Cyber Threat cover or professional indemnity insurance for data handling.
Further, we have also worked with organisations to ensure that their infrastructure and applications have been implemented to industry best practice through penetration and vulnerability testing and application security testing. We can interpret the results of those tests and advise on or manage mitigation of any findings.
Disaster Recovery and Business Continuity is also related to Information Security, although it is covered by a separate ISO standard, ISO 22301. Our proven track record in writing effective DR and BCP plans, as well as our technical ability to work with your infrastructure and application development teams to implement those plans, differentiates us from pure-play ISO consultancies, who often understand the requirements of the standard but have no IT experience.