Information Security is not just an IT problem - it is a business issue.
Plan-Net can help you to protect and manage information with a systematic risk-free approach. We can help you establish, implement, operate, monitor, review, maintain and improve your information security. Depending on your needs, we can conduct Information Security Reviews, ISO 27001 Gap Analysis, ISO 27001 Certification, Security Policy Remediation and End-point Security Assessments.
By combining business and corporate governance experience with in-depth technical skills, Plan-Net develops better security practices whilst maintaining your business agility.
Information Security Review
The Plan-Net Information Security Review is an independent assessment designed to audit all aspects of Information Security within your organisation. Plan-Net consultants are qualified ISO 27001 lead auditors so you can be safe in the knowledge that they will assess your environment thoroughly and systematically. We’ll flag the strengths and weaknesses in your current practices:
- Legal compliance: Identify and address your legal culpability in accordance with the law, including GDPR, the Computer Misuse Act, the Freedom of Information Act & Sarbanes-Oxley.
- Adherence to Regulations: Measure your business against industry regulations, including the Electronic Communication Guidance, the FSA, PCI DSS, the AML Directive, the International Financial Reporting Standards, Basel 2 and the Turnbull Guidance.
- Client Assurances: Provide assurances to your clients and business partners that you adhere to Best Practice and regularly review your environment to ensure it is continuously improving and has effective controls in place.
- Cost Efficiency: Check for unnecessary processes that don’t add value to your business or security measures. Multiple authentication methods, or restrictive, irrelevant procedures, can potentially cost millions of pounds in lost time. The Security Review identifies areas that can be streamlined to improve speed and cost-efficiency.
ISO 27001 Gap Analysis
If you are looking to start the journey towards ISO 27001 certification and seek independent verification of your Information Security Management System, Plan-Net can help.
Plan-Net's ISO 27001 Gap Analysis measures security processes and procedures against a number of control objectives and controls including the management of the following:
- Security policy
- Corporate security
- Organisational assets
- Human resources security
- Physical and environmental security
- Communications and operations
- Information access control
- Information systems security
- Information security incidents
- Business continuity
ISO 27001 Certification
If you are looking to gain ISO 27001 certification to win new business opportunities or to assure existing clients and external regulators, Plan-Net can guide you through the entire process.
Confidentiality, integrity and availability are key components for Information Security Management Systems (ISMS). These can be achieved by applying a suitable set of controls including relevant policies, processes, procedures, organisational structures, and software and hardware functions. We provide project guidance, expertise and overall management of your ISMS framework including co-ordinating key resources and assisting with the production of all the necessary templates and documentation for management approval.
Security Policy Remediation
Information Security policies are as crucial in protecting your data as the technology you implement and the people you employ. Ensuring your policies conform to industry best practices is the most effective way to safeguard your organisation from the threat of attack.
Our ISO 27001 Lead Auditors will identify the strengths and weaknesses of your policies, processes and procedures. Once the gaps have been identified, Plan-Net will deliver remedial action, watertight security policies and, ultimately, peace of mind for your business.
Plan-Net's Policy Remediation covers the following areas:
- Security Policy scope and objectives
- Information Security Policy
- Roles and Responsibilities
- Accountability and Approval
- Publication and Audience
- Risk Management Policy
- Incident Management Policy
- Acceptable Usage Policy
- Internal Audit Policy
- Mandatory Procedures
- Information Classification & Handling Policy
- Protective Marking Policy
- Access Control Policy
- Internet Policy
- Email Policy
- Remote Access Policy
- Computer Systems and Data Policy
- Licensing and Software Policy
- Physical Security Policy
- Legislation and Data Protection Act Policy
- Communication and Training Policy