Advisory


Governance, Risk and Compliance

Information Risk Assessment

Our world-class information risk assessment ensures over 450 vulnerabilities are reviewed in interviews with strategic and tactical teams. The assessment factors in concerns raised by stakeholders, audit findings and past incidents, ensuring that all security requirements are identified and prioritised according to business impact.

Information Security Management System (ISMS) and ISO 27001 Certification

We have the necessary skills and experience to partner with you to scope and establish an ISMS, and take it through to a successful ISO 27001 certification. We can furthermore assist with certified lead auditor and lead implementer training for all teams.

Privacy and Protection of Personal Information Act (POPIA) Reviews

Organisations are expected to safeguard personal information entrusted to them; ignorance is no longer accepted as an excuse. We conduct a privacy impact assessment and provide the necessary consulting services to ensure your organisation is compliant with relevant privacy and data protection requirements.

IT Governance and IT Risk Review

IT governance is a framework that ensures IT infrastructure supports and enables an organisation to achieve its goals. We will perform an IT process maturity review and an IT risk assessment, and can assist with remediation of your IT environment.

Supplier and Third-Party Risk

We will review your current supplier management lifecycle to ensure that the applicable governance components such as NDAs, SLAs and other contracts are in line with information risk management requirements. We also perform independent third-party risk assessments.

Disaster Recovery (DR)

Following an alignment process to the Business Continuity Management (BCM) strategy, we establish detailed disaster recovery plans for all key areas of the organisation. We then run simulated disaster scenario tests and help to mentor and upskill the DR Operations Team.

Information Risk Strategy and Roadmap

Our information risk framework provides the foundation upon which we architect the strategy to support business objectives and the subsequent information risk programme. The modular nature of the framework furthermore provides an agile environment that allows the organisation to continuously re-evaluate its priorities and approach as the business and threat landscape evolves.

Human Resource (HR) Governance


Change and Release Management

IT change and release management is primarily concerned with the governance of transitioning new technology and procedural adjustments into a live operational environment, with as little risk as possible.

Incident Management (IM)

We review your current IM, DR and BCM environment and ensure an ISO 27035 aligned incident management programme is in place to handle major privacy or cyber incidents. We provide the necessary governance documentation, detailed “battle guides” and training / simulated incident testing for the Incident Response Team (IRT).

Security Architecture and Design

A well-designed security architecture programme will ensure that all security is business-driven, risk-focused, comprehensive, modular, auditable and transparent, demonstrates compliance and provides two-way traceability of business requirements.

IT and Network Security Reviews

IT and network devices are crucial for the operation of any organisation. An IT and network review will ensure that weaknesses in configuration are identified and remediated, reducing the risk of a security incident.

Business Continuity and Crisis Management

We will establish the required BCM governance components in accordance with ISO 22301. We then conduct a Business Impact Analysis (BIA) with senior management teams to determine and evaluate the potential effects of an interruption to critical business operations as a result of a disaster, accident or emergency.

Data Governance Framework – Classification and Handling

The data governance framework aims to provide an approach to proactively minimise the likelihood and impact of a data leak. Through a consultative approach, we help both business and IT to understand the value of their data, establish classification rules and then provide guidelines and training to communicate securely.