Most organisations recognise that information is critical for them to achieve their business goals and objectives. Despite this, many organisations still fail to implement effective information security governance.
Effective information security governance requires the board of directors and senior management to set the strategic direction for security. They must assign accountabilities and responsibilities, ensure that security and privacy risks are effectively managed and that resources are allocated and used responsibly to support the business goals and objectives.
Governance is the foundation of security leadership. It enables you to make informed decisions, based on relevant and timely information, about how to invest your resources to effectively and efficiently manage your security and privacy risks.
Our Information Governance Services
Information Security Management System
ISO 27001 specifies the activities required for an organisation to establish, implement, maintain and continually improve an effective Information Security Management System (ISMS).
Establishing an ISMS based on ISO 27001 will provide you with a practical approach to implementing the governance, risk and assurance practices required to identify and appropriately manage the security risks to your organisation’s information assets throughout their lifecycle.
Choosing to undertake certification against the ISO 27001 standard will give you a competitive advantage by providing interested parties with confidence that you have strong governance, risk and assurance practices.
Protective Security Requirements
If you are a core public service department, you are required to comply with the Protective Security Requirements (PSR), a flexible risk-based framework designed to help government departments improve the maturity of their security practices.
We can help you to achieve your desired level of maturity in a practical and cost-effective way by assessing your current maturity level, helping you define and capture your desired maturity level and delivering a prioritised roadmap to move from your current to your desired state.
GDPR Compliance Support
The General Data Protection Regulation (GDPR) is due to be enforced on the 25th of May 2018. The GDPR not only applies to organisations in Europe, but also to any organisation that offers products and services to EU countries. The GDPR is enforced with organisations that do not have a European base through international trade agreements, and breach fines can be up to 4% of the annual global revenue of the organisation.
We can help your organisation navigate the GDPR, understand your compliance requirements and plan compliance roadmaps. As part of meeting your GDPR obligations, Axenic can assist you with gap assessments to understand your current compliance, Privacy Impact Assessments (PIA), risk assessments, compliance roadmaps, and incident management. Contact Axenic to discuss whether GDPR applies to your organisation. If it does, we can help you meet your GDPR compliance obligations.
Security Maturity Assessment
Many organisations don’t know where to focus their efforts to improve their security practices and posture. This is particularly true when they have limited budgets and resources to invest. A maturity assessment is an effective way to identify what you could do to improve your security posture.
A maturity assessment will help you achieve your desired level of maturity by assessing your current maturity level, helping you to define and capture your desired maturity level and delivering a prioritised roadmap to move from the current to the desired state in a practical and cost-effective way.
Security Policy Development
Security policies and the supporting standards, guidelines and processes are essential tools for any organisation seeking to establish a security culture. They demonstrate senior management’s commitment and describe the security behaviours expected of employees.
Developing a security policy framework that clearly articulates the rules and actions required to achieve your information security objectives ensures your employees understand their roles and responsibilities in the protection of your information assets.
Virtual Information Security Officer
Many organisations cannot justify retaining a skilled information security team in-house. Even when a full-time position can be justified, it is often difficult to find someone who has all of the governance, risk and assurance skills an organisation may need.
Our Information Security Officer service is a perfect way for you to gain the security and privacy expertise you need, in a cost-effective way. We will provide you with a dedicated consultant, backed by our entire team, with the skills, knowledge and experience you require to achieve your information security objectives.