Last Review: 24 September, 2017, Halkyn Consulting Ltd, 2017, http://www.halkynconsulting.co.uk/a/

Information Security & Compliance

Protecting your business by protecting your data

Losing business information can be devastating, giving competitors an advantage and damaging customer confidence. Losing customer data can be catastrophic, leading to fines and massive loss of customers. If you supply services to other businesses, being able to show that you can protect your customers, and your own, data can be paramount for winning and retaining contracts. Our information security services help you identify realistic threats, implement sensible controls and comply with contracts, regulations and any other requirements. See our testimonials.

Information Security Services

Information Security

Information security is about protecting the data that supports and drives your business. Information can come in many forms, from the electronic files you use, to the databases you have compiled, to the printed documents you keep in cabinets and desk drawers. When we talk about information security controls, this can include the immediately obvious technical measures like firewalls, encryption and monitoring software, but this also requires good physical security, pre-employment screening and risk management to ensure they are properly implemented.

Halkyn Consulting - Information Security Services

Information is important to every organisation, but we are aware that each situation requires a different response and tailored security controls driven by a robust threat-based risk assessment plan. To this end, we always ensure that our services are fine-tuned to deliver maximum benefit to you and your organisation. Additionally, your security requirements will change over time, as threats evolve and your assets mature, so we have made sure all our services are flexible enough to cater for your changing requirements.

Our core information security services fall into the following categories:

  • Infosec Review. Our security professionals will visit the locations you specify and work with you to identify what security controls are in place, and how effective they are at reducing your risks.
  • Infosec Inspection. Where you need to verify compliance with a specific set of standards (such as ISO27001, SPF, SoGP, PCI-DSS etc), or you want to verify a 3rd party supplier's compliance, we can carry out an independent inspection on your behalf.
  • Infosec Improvement. All security measures degrade over time and eventually breaches occur, our improvement services will work with you to identify the best way to bring in new controls or refresh existing ones.
  • Technical Security Assessment. Testing your security controls is the best way to gain assurance that they are suitable. Our security professionals can put your organisation’s controls through their paces in a variety of real world scenarios, using technical and physical attacks, to identify if there are any weaknesses that need fixing.
  • Technical Security Design. If you are looking at building, or rebuilding, your technical & information management environments, we can work with you to ensure that cost-effective, robust security is built in from the ground up.
  • Infosec Documentation & Compliance. Where you are required to produce documentation showing what controls you have and why you have implemented them (e.g. for compliance checks or for ISO27001 certification etc.), you can use our expertise in producing detailed risk management documents to show what security you have and why you have it.

Often your needs will dictate a combination of our services and if you want to learn more about how Halkyn Consulting can improve your information security then get in touch. For the ultimate in peace of mind combining physical security, information security, policy development and awareness training, then check out our annual security assurance package.

Information Security Processes

Secure what matters

The first step in all our information security services is to work with you to properly identify what information assets you have, and how important these are to your business. This allows you to have a clear understanding of the information that drives your business and, by knowing how valuable it is, you are better placed to determine suitable controls.

During this process, we will always remain fully engaged with you - and any key stakeholders you identify - to make sure that we are working on a full picture of how your business uses different types of information asset.

Secure against real threats

Once we have worked with you to identify and classify your information assets, we will continue to engage with you to identify what credible threats you face rather than the ones which have the most news coverage this week.

This is an important step which helps reduce the risk that you will expend finite resources dealing with threats that will never materialise.

It is also important to be aware that often security service vendors will play up particular threats that their product is good at dealing with to encourage you to buy their service. Because we are a fully independent consultancy, you can be confident that our advice is given with your best interests in mind.

Good security practice

Our consultants give you access to a wealth of knowledge about good security practices and how they apply to your business. You may want to comply with an international standard (such as ISO 27001) or it may suit your business better to use a selection of good practice ideas from varying standards. Our consultants will work with you to ensure that the end approach is suitable and effective for your situation.

Working with you, we will help you identify what your key assets are, what threats they face, and how best to mitigate the risks that are created. Through this, you will be able to take advantage of our experience in many different sectors and apply the lessons learned to your own business, organisation or home.