All our services are custom-designed to suit client requirements. The following examples illustrate the kinds of activities we have performed previously ... and we relish novel challenges:

  • AI risk and security - identifying, evaluating and treating information risks associated with LLM and other AI-based systems, applications and processes, specifying, documenting and testing controls, providing expert content for expert systems.
  • Arbitration - independent, unbiased expert assistance to review, understand, challenge and respond appropriately to IT audit reports, nonconformities, supplier assessments etc. (this is NOT legal advice!).
  • Audit and assurance such as independent security strategy reviews; data centre & site/installation audits; software development project audits (whether on, teetering or patently off-the-rails); supplier assessments/audits; ISO 27001 pre-certification audits (readiness checks, gap analyses) ...
  • Budgeting - assisting clients to prepare, negotiate, review and approve sensible budgets for risk, security and assurance-related operations, management, projects, initiatives etc.
  • Business continuity management - are your organisation’s arrangements adequate to get you through a major incident or disaster? Is that just wishful thinking or do you know things will be OK, for sure?
  • Change - being a credible, independent, convincing agent of change, helping clients create and exploit business opportunities to change-for-the-better, developing pragmatic strategies and plans, promoting and guiding execution, measuring success.
  • CISO coaching and mentoring - a knowledgeable, trusted colleague lending you an ear to offer expert guidance based on decades of experience. Also works for CIOs, CROs and CEOs.
  • Information risk and security management - strategy, policy and governance; identifying, evaluating and addressing information risks; benchmarking; assurance; business continuity management and resilience.
  • Information risk assessment - assistance to identify, evaluate, prioritise and decide how to address information risks.
  • Information security controls assessment - tell us which standards, requirements or guidance you’d like to be reviewed or audited against - Cyber Essentials, perhaps, or ISO/IEC 27001/27701, PCI DSS, HIPAA, CSA, your own corporate standards or those of your customers maybe - and to what extent or depth.
  • IT installation review - check your physical security arrangements, essential supplies, data centre access and so forth.
  • Interim management - a safe pair of hands to hold the reins, stabilise the situation and perhaps assist with the recruitment of a permanent replacement CISO or ISM.
  • ISO27k consulting - achieve and maintain ISO/IEC 27001 certification with our expert guidance, from initial planning through implementation support, ISMS management reviews and internal audits, leading to continuous improvement and maturity.
  • ISO27k support tools - help to determine your requirements, then survey the market, evaluate, select and negotiate prices for the most appropriate tools/systems* for your organisation.
  • Policies and procedures - preparing pragmatic policies and procedures plus creative awareness and training content for staff, managers and professionals.
  • Post-incident reviews - dispassionately, competently and independently drawing out and evaluating relevant details, developing and elaborating on responses, providing forward-thinking management reports and initiating improvement activities.
  • Privacy impact assessments - need some help to review your privacy requirements and controls, dispassionately?  Call us!
  • Product specifications and evaluations* - determining the quality and suitability of commercial goods and services in relation to objectives and requirements in the risk and security domain.
  • Professional services security - identifying, evaluating and treating information risks associated with the provision and acquisition of professional services such as accountancy, tax and legal advice, consulting ...
  • Proposals - researching, preparing and reviewing proposals for information risk and security-related functions, roles, products, systems, apps, projects, initiatives, mergers and acquisitions, changes, investments etc.
  • Resilience engineering - establishing requirements, reviewing current capabilities, planning improvements and demonstrating genuine progress in areas such as resilient technology, people and infrastructure, plus the broader business and strategy aspects.
  • Risk and security strategy - developing, critiquing and contributing to strategies, approaches and plans relating to information and cyber risk and security.
  • Security maturity - benchmarking i.e. reviewing an organisation’s information risk and security situation relative to good practices in the field, recommending and justifying improvements where appropriate.
  • Security metrics - developing measurement strategy and designing a suite of metrics to manage information risk and security systematically, effectively and efficiently; auditing, reviewing, evaluating and improving existing metrics.
  • Stress relief - need some help through a difficult busy period, or to take a break for an actual holiday (not on-call)? Call us before it all gets too much.
  • Technical documentation - preparation and updating of readable documentation describing IT systems, services, software apps, processes etc., plus training materials, launch packs, technical support guides and more.

* We neither supply third-party ISO27k support tools nor earn sales commission from the suppliers.

Call on IsecT for competent, independent guidance and dispassionate advice: let us help you figure out your requirements and find tools to suit - if any - drawing on our market knowledge and decades of experience.

IsecT’s professional services

Copyright © IsecT Ltd. 2024

Information risk and security consulting