Looking for information security support or expertise?

Clause9 Solutions can help

If you need support, guidance or advice on an information security related project from an experienced Information Security and Information Technology professional with a wide range of experience across many industry sectors and in companies of all sizes, please get in touch.

Services

These are our core services - please use the Contact Form to let me know of any bespoke requirements or projects...

ISO 27001 Consultancy Support and Expertise

Consultancy and advisory services relating to the development, implementation, operation and management of your ISMS from a member of IST/33/1, the UK committee responsible for the development of the ISO 27000 family of standards.

Cyber Essentials Scheme Support

Deciphering the requirements of the Cyber Essentials and Cyber Essentials Plus schemes can be a challenge - I'm able to provide support and guidance for companies in preparation for their assessment by an IASME Certification Body.

AICPA SOC 2 Type I & II Support

I can support you through all aspects of your AICPA SOC 2 journey from initial readiness assessment through SOC 2 Type I preparations and on to initial and ongoing SOC 2 Type II audits.

Pre-implementation ISO 27001 Gap Analysis

An initial analysis of your current governance and information security control arrangements to determine how prepared you are prior to initiating an ISO 27001 ISMS project.

Certification Audit Support

The certification, surveillance or re-certification audits conducted by your certification body can be challenging if you're not familiar with the process or with ISO 27001 - I'm able to provide support and advice to help the process run smoothly. Combining this with a pre-audit health check significantly improves your chances of a positive audit outcome.

Ongoing ISMS Internal Audit

I can provide the competent, objective and impartial resource required to conduct internal audit of your ISMS as required by Clause 9.2 of ISO 27001. This service can be provided as a one-off engagement or as a regular activity.

ISMS Review or Health Check

An informal review of your ISMS, perhaps as part of your preparations for an audit by your certification body, or perhaps just to provide internal assurance that the ISMS is operating in an effective manner. As a health check takes place without the rigour of a formal ISMS audit, it allows a more consultative approach.

Audit Programme Management

If you are struggling to manage a complex internal ISMS audit programme, I can provide support for your internal resource or manage the programme for you. This includes liaising with internal auditees and stakeholders, arranging audits and consolidating audit reports and findings.

Third Party Information Security Assurance

I can provide resource to undertake supplier risk assessment and information security audits against ISO 27001 or your own policies and standards.

Further information

A strong pedigree in information security

I’ve worked in information technology and information security for many years – I completed my first Information Security Manager’s course in 1994 while serving in the Royal Air Force Police. Needless to say, things have moved on a bit since then…

Before starting out as a freelance consultant, I worked for IT Governance Ltd, a leading global provider of cyber risk and privacy management solutions, as a Senior Consultant then as a Consultancy Manager where I had the pleasure of supporting many organisations through their information security improvement journey. As the company’s ISO 27000-family “champion”, I also provided support and mentoring to consultants within my team and across the wider business. Duties included representing the company (and auditors in general) as a member of the CAS(T) User Group, the NCSC assurance scheme for organisations in the telecoms sector.

As a freelancer, I’ve worked with and supported a number of clients on AICPA SOC 2 and ISO 27001 projects from inception through to successful Type I & Type II audit and certification of the newly established ISMS. I’ve also helped companies meet the requirements of the NCSC / IASME Cyber Essentials scheme and supported a client through accreditation to the requirements of the UK Forensic Science Regulator’s Code of Practice and Conduct, the FSR-C-100.

I keep abreast of and contribute to developments in the ISO 27000-family of standards by sitting as a member of IST/33/1, the UK National Standards Body committee responsible for the ISMS family of standards. The scope of IST/33/1 includes the ISMS requirements detailed in ISO 27001, the reference set of controls in ISO 27002, and other guidelines, accreditation and auditing, and sector-specific ISMS standards such as ISO 27005, ISO 27006, ISO 27017 and ISO 27018.

Some key achievements

  • Leading the design and implementation of an ISO 27001 ISMS for a legal technology start-up consisting of 1 single Director/founder. The ISMS achieved accredited certification and the business has gone on to be a huge success
  • Supporting a FinTech client through all aspects of their AICPA SOC 2 audit project from initial scoping of the relevant TSC and CPA selection through to drafting of the system description, including control narratives and carve-out of subservice organisation controls, leading to the initial Type I audit followed by successful initial and ongoing SOC 2 Type II audits
  • Leading the successful implementation and certification of a multi-standard management system framework comprising ISO 9001, ISO 22301 and ISO 27001 for a major UK law firm with a >£30m contract value benefit to the organisation
  • The implementation and certification of an ISO 27001 ISMS for a regional law firm with >500 employees distributed over 5 sites in 4 counties
  • Leading the successful implementation and certification of an ISO 27001 ISMS for a global satellite telecom services provider (>1500 staff, offices and operational facilities in >40 countries)
  • The implementation and certification of an ISO 27001 ISMS in tight timescales for a global software development company in order to secure business with a value >£8m (>500 employees with offices in Canada, the UK, India, Japan and Brazil)
  • The planning, coordination and execution of a supplier assurance programme for a major vehicle manufacturer

Real world operational experience

Before information security became my primary focus, I held a number of operational IT roles. My experience includes providing service and support in a customer-facing helpdesk position, forming and managing internal IT service delivery and technical teams, and setting up an IT managed services arm for an expanding company in the digital print sector.

When I left IT Governance I took a year-long foray back into the world of operational IT as an interim IT Director for a large housing association; my tenure coincided with the start of the COVID-19 pandemic, which drove the need to move the organisation from a legacy office-based way of working where everyone worked from a set desk to the “new normal” of remote and hybrid working from home offices and kitchen tables using modern collaboration applications such as Teams in Office365 on new-fangled laptop devices. Although there were many challenges, my team and I successfully moved the entire organisation to a secure and flexible working posture within a very short period of time.

Poacher turned Gamekeeper

Having sat on the ‘sharp’ side of the desk, I understand the challenges and tensions in delivering technology services in a secure manner and appreciate the business and commercial challenges faced by senior and executive IT management. I’m able to see these challenges from a business perspective as well as from the viewpoint of a certification body or relevant standard. This allows me to help clients meet ISO 27001 and other requirements in a manner that doesn’t break the bank or the business!

When it comes to audit, my information security, technical, and business background is a massive benefit as I’m able to audit and challenge working practices and technical controls based on real world experience.

My background provides perspective on and background knowledge of some common problem areas that may get missed by other auditors. Having these exposed during internal audit can help avoid costly incidents as well as providing increased assurance to you and your certification body that the internal ISMS audit has been robust.

Over the years working in IT, I passed 19 Microsoft technical exams plus a plethora of other technical exams – qualifications range from the obligatory HNC through ITIL and PRINCE2 Foundation, Certified WatchGuard System Professional and even Apple Desktop Support Engineer.

In order to keep up to date with the changing world of information and cyber security, I’m currently studying for the ISC2 CISSP qualification.

Qualifications include:

  • IBITGQ ISO/IEC 27001 CIS Lead Auditor (CIS LA)
  • BCS Certificate in Information Security Management Principles (CISMP)
  • Microsoft Certified Systems Engineer and Administrator (MCSE / MCSA)
  • IBITGQ ISO/IEC 27001 CIS Lead Implementer (CIS LI)
  • CompTIA Security+ Certified Professional
  • Microsoft Certified Systems Engineer and Administrator (MCSE:Security / MCSA:Security)
  • IBITGQ EU GDPR Foundation and Practitioner
  • HNC in Computing – Business Information Technology
  • MS Certified Technology Specialist (MCTS)
  • IBITGQ Managing Cyber Security Risk GDPR Practitioner
  • Microsoft Certified Solutions Associate (MCSA)
  • PRINCE2 & ITIL V3 Foundation Courses

Costs will be discussed when scoping a project or piece of work as the number of variables associated with any piece of work makes it unrealistic to quote a standard day rate for all clients and every type of engagement.

The fee payment structure can be tailored to suit your needs – a standard day rate for an agreed number of days, a monthly invoice for days called off over the period, or a milestone-based payment structure.

All standard expenses such as hotels, travel and subsistence will be discussed before any expenditure and will be invoiced back to the client at cost; wherever possible, we will comply with your travel, subsistence and expenses policies for overseas engagements.

We are VAT registered so all fees will have 20% VAT added during invoicing.

Payment terms are 30 days from issuing an invoice.

From Our Blog

ISMS Auditor Competence

One of the topics that generates questions from a large number of clients is who can conduct internal ISMS audits.…

Contact

Call, email or use the Contact Form to get in touch. Please ensure you provide contact details so I can respond as quickly as possible...

Call or email

+44 (0)7446 175026
enquiries@clause9.co.uk