ISMS Auditor Competence
One of the topics that generates questions from a large number of clients is who can conduct internal ISMS audits.…
If you need support, guidance or advice on an information security related project from an experienced Information Security and Information Technology professional with a wide range of experience across many industry sectors and in companies of all sizes, please get in touch.
These are our core services - please use the Contact Form to let me know of any bespoke requirements or projects...
Consultancy and advisory services relating to the development, implementation, operation and management of your ISMS from a member of IST/33/1, the UK committee responsible for the development of the ISO 27000 family of standards.
Deciphering the requirements of the Cyber Essentials and Cyber Essentials Plus schemes can be a challenge - I'm able to provide support and guidance for companies in preparation for their assessment by an IASME Certification Body.
I can support you through all aspects of your AICPA SOC 2 journey from initial readiness assessment through SOC 2 Type I preparations and on to initial and ongoing SOC 2 Type II audits.
An initial analysis of your current governance and information security control arrangements to determine how prepared you are prior to initiating an ISO 27001 ISMS project.
The certification, surveillance or re-certification audits conducted by your certification body can be challenging if you're not familiar with the process or with ISO 27001 - I'm able to provide support and advice to help the process run smoothly. Combining this with a pre-audit health check significantly improves your chances of a positive audit outcome.
I can provide the competent, objective and impartial resource required to conduct internal audit of your ISMS as required by Clause 9.2 of ISO 27001. This service can be provided as a one-off engagement or as a regular activity.
An informal review of your ISMS, perhaps as part of your preparations for an audit by your certification body or perhaps just provide internal assurance that the ISMS is operating in an effective manner. As a health check takes place without the rigour of a formal ISMS audit, it allows a more consultative approach.
If you are struggling to manage a complex internal ISMS audit programme, I can provide support for your internal resource or manage the programme for you. This includes liaising with internal auditees and stakeholders, arranging audits and consolidating audit reports and findings.
I can provide resource to undertake supplier risk assessment and information security audits against ISO 27001 or your own policies and standards.
I’ve worked in information technology and information security for many years – I completed my first Information Security Manager’s course in 1994 while serving in the Royal Air Force Police. Needless to say, things have moved on a bit since then…
Before starting out as a freelance consultant, I worked for IT Governance Ltd, a leading global provider of cyber risk and privacy management solutions, as a Senior Consultant then as a Consultancy Manager where I had the pleasure of supporting many organisations through their information security improvement journey. As the company’s ISO 27000-family “champion”, I also provided support and mentoring to consultants within my team and across the wider business. Duties included representing the company (and auditors in general) as a member of the CAS(T) User Group, the NCSC assurance scheme for organisations in the telecoms sector.
As a freelancer, I’ve worked with and supported a number of clients on AICPA SOC 2 and ISO 27001 projects from inception through to successful Type I & Type II audit and certification of the newly established ISMS. I’ve also helped companies meet the requirements of the NCSC / IASME Cyber Essentials scheme and supported a client through accreditation to the requirements of the UK Forensic Science Regulator’s Code of Practice and Conduct, the FSR-C-100.
I keep abreast of and contribute to developments in the ISO 27000-family of standards by sitting as a member of IST/33/1, the UK National Standards Body committee responsible for the ISMS family of standards. The scope of IST/33/1 includes the ISMS requirements detailed in ISO 27001, the reference set of controls in ISO 27002, and other guidelines, accreditation and auditing, and sector-specific ISMS standards such as ISO 27005, ISO 27006, ISO 27017 and ISO 27018.
Before information security became my primary focus, I held a number of operational IT roles. My experience includes providing service and support in a customer-facing helpdesk position, forming and managing internal IT service delivery and technical teams, and setting up an IT managed services arm for an expanding company in the digital print sector.
When I left IT Governance I took a year-long foray back into the world of operational IT as an interim IT Director for a large housing association; my tenure coincided with the start of the COVID-19 pandemic, which drove the need to move the organisation from a legacy office-based way of working, where everyone worked from a set desk, to the “new normal” of remote and hybrid working from home offices and kitchen tables using modern collaboration applications such as Teams in Office365 on new-fangled laptop devices. Although there were many challenges, my team and I successfully moved the entire organisation to a secure and flexible working posture within a very short period of time.
Having sat on the ‘sharp’ side of the desk, I understand the challenges and tensions in delivering technology services in a secure manner and appreciate the business and commercial challenges faced by senior and executive IT management. I’m able to see these challenges from a business perspective as well as from the viewpoint of a certification body or relevant standard. This allows me to help clients meet ISO 27001 and other requirements in a manner that doesn’t break the bank or the business!
When it comes to audit, my information security, technical, and business background is a massive benefit as I’m able to audit and challenge working practices and technical controls based on real world experience.
My background provides perspective on and background knowledge of some common problem areas that may get missed by other auditors. Having these exposed during internal audit can help avoid costly incidents as well as providing increased assurance to you and your certification body that the internal ISMS audit has been robust.
Over the years working in IT, I passed 19 Microsoft technical exams plus a plethora of other technical exams – qualifications range from the obligatory HNC through ITIL and PRINCE 2 foundations, certified Watchguard System Professional and even Apple Desktop Support Engineer.
In order to keep up to date with the changing world of information and cyber security, I’m currently studying for the ISC2 CISSP qualification.
Costs will be discussed when scoping a project or piece of work as the number of variables associated with any piece of work makes it unrealistic to quote a standard day rate for all clients and every type of engagement.
The fee payment structure can be tailored to suit your needs – a standard day rate for an agreed number of days, a monthly invoice for days called off over the period or milestone based payment structure.
All standard expenses such as hotels, travel and subsistence will be discussed before any expenditure and will be invoiced back to the client at cost; wherever possible, we will comply with your travel, subsistence and expenses policies for overseas engagements.
We are VAT registered so all fees will have 20% VAT added during invoicing.
Payment terms are 30 days from issuing an invoice.
Call, email or use the Contact Form to get in touch. Please ensure you provide contact details so I can respond as quickly as possible...
Clause9 Solutions Limited is a limited company registered in England and Wales. Registered No: 12933959 | Registered office: 35 Westgate, Huddersfield, HD1 1PA. | VAT No: GB359932550 | © 2022 All Rights Reserved