The Situation

A major London-based Financial Services company wanted to review and update their Information Security capabilities following a merger with another company.

The Task

Define an Information Security Risk Management Framework, and then implement it by integrating the risk operations of the InfoSec team and IT infrastructure team.

Carry out a gap analysis of the security documentation set against ISO27001

Create key policies and procedures aligned with ISO27001 and Cyber Essentials

Set up functional teams to implement key security procedures

Define and set up an Information Governance forum for developing and maturing the organisation’s Information Security capability

The Action / Approach

Developed Risk Management Framework and defined supporting Policy and Procedure documentation. Also defined configuration changes to Risk Management tools and workflows.

Conducted gap analysis of existing policy document set against ISO27001 and Cyber Essentials. Then wrote / updated key Information Security policy documentation.

Set up operations for: Vulnerability Management, Risk Management

Created Terms of Reference for Information Security Governance Board and set up and ran initial meetings.

The Result

Policy document set aligned with ISO27001 written / updated.

Ongoing Governance and Risk Management Framework implemented.

Following implementation, Risk Management Framework passed NIST Cyber Security Framework audit by a 3rd party.
