We help you secure your business by leveraging our investment in auditing capabilities for ISO 27001, the internationally recognised information security framework.
Security Risk Management provides support and guidance to organisations on how to meet SEC OCIE and ISO 27001 standards.
As a specialist managed IT services organisation, Capital Support understands security to a level of detail that we believe can bring value to our customers. Investment in our own security, specifically in our ongoing work to align ourselves to ISO 27001, has taken us on a journey that improves our organisation. We are confident that, by providing customers with access to our Chief Information Security Officer (CISO) for a series of audits and reviews, we can help you understand and mitigate your risks, and improve your compliance to FCA and U.S. SEC regulatory requirements.
Security is a continual undertaking. It requires constant engagement across the organisation, and a keen understanding of what is or is not an acceptable risk, in exactly the same way that you would manage any other investment. Importantly, before you make any changes or deploy any technology you need to understand what risks you have. Normally this would require a significant up-front investment, but with the Security Risk Management service from Capital Support you pay a monthly fee for the duration of the engagement.
There are a number of ongoing elements to the Security Risk Management service, through which Capital Support will deliver value to your business: –
- Annual completion of a security audit aligned to ISO 27001 or SEC OCIE;
- Delivery of an audit report relating to the security assessment agreed by the customer (either ISO 27001 or SEC OCIE);
- Agree an action plan for those identified risks that require action;
- Support the resolution of the risks as identified;
- Scheduled quarterly update meetings to measure progress to agreed plan;
- Attend quarterly meetings to discuss and agree plan for following period;
- Provide template policies and other documents from our security library for the unfettered use of the customer;
- Provide distance support for security questions, queries and other ad-hoc requests.