Our proven methodologies embed good security practices within an organisation’s technology, processes, culture and governance structures. We integrate security and data privacy requirements into enterprise architectures, including traditional and cloud environments, BYOD and operational security. We provide 24×7 threat management services and our staff hold full security clearance to work in public sector environments in the UK. Our security GRC framework helps organisations measure their maturity against standards such as ISO/IEC 27001, ISMS, ISF, COBIT and HMG Security Policy.
How secure is your sensitive data?
The pace of technological change and the increased demands of regulatory compliance pose serious risk management challenges to organisations. High profile security breaches involving loss of personal data have created adverse publicity, reputational damage and significant regulatory action against those responsible.
In addition, cyber terrorists are collaborating in new strategies to steal intellectual property, commit high-tech crime and conduct targeted denial of service attacks. The general move toward cloud computing and the consumerisation of IT are just two of the technology trends which are adding to the governance, risk and compliance challenges faced by organisations.
Our services
In today’s increasing threat landscape, organisations require an integrated, layered security approach to ensure regulatory compliance, protect against data leakage and defend against network threats. Information security is both fundamental and critical to ensure your organisation proactively manages emerging security threats.
At Company85 we take a holistic approach to information security. We have deep information security skills along with enviable breadth of cross-sector experience at both operational and management levels. We are independent advisors and are not tied into any technology or software vendor. Our pragmatic approach, knowledge and expertise have made us a trusted advisor to organisations requiring the highest quality information security and privacy services as set out below.
Governance, risk and compliance (GRC)
We design and assess information security management systems based on our extensive experience and the Company85 information security methodology.
This methodology incorporates frameworks such as ISO/IEC 27001:5, Information Security Forum Standard of Good Practice for Information Security, COBIT, HMG Security Policy and assessment frameworks to embed good security practices in the organisational technology, processes, culture and appropriate governance structures. We provide:
- Risk assessments, security strategy and improvement programmes including planning, design and management
- Information security health checks
- Data loss prevention (DLP) programmes for setting strategy, reviewing processes and technology to improve controls for sensitive company and personal data at endpoint, storage and network layers
- Payment Card Industry Data Security Standard (PCI-DSS) assessments and readiness reviews
- Design and implementation of GRC control processes, technology and solutions to comply with relevant standards, legislation and regulation such as Data Protection Act, 1998
- Third party supplier due diligence security reviews
PCI-DSS readiness assessments
Our consultants use a combination of interviews, system reviews, site visits and documentation reviews to carry out a gap analysis against PCI-DSS, providing recommendations and solutions for remediation prior to undergoing a formal PCI assessment.
- Scoping and review workshops, covering:
  - Number of premises storing, processing or transmitting payment card data
  - Payment systems, card data flows and network diagrams
  - Findings from any previous security audits
- Gap analysis: assessing the current status of controls implemented against the twelve requirements in the standard, identifying the gaps and recommending the remediation required for compliance
- Remediation and testing: implementing the remediation plan, from technical and procedural controls through to vulnerability testing, to achieve compliance
Enterprise security
Designing and assessing technology solutions and processes to provide standard build blueprints for integrating security into enterprise architectures, including cloud computing and applications. Our services include:
- Architecture and application security
- Infrastructure security
- Governance, policies and procedures review
- Identity and access management
- Cloud computing
- Security of consumer devices
- Cyber security
Operational security and resilience
- Security operations centre (SOC) assessments
- Penetration testing
- Threat and vulnerability management
- Incident and escalation management
- Data centre security
- Configuration and change management
- Operational security effectiveness reviews
- Business continuity and disaster recovery management