Cyber Security Management

www.itgovernance.co.uk

Cybersecurity Management Solutions

End-to-end management solutions tailored to your needs

Achieve compliance to ISO27001 - the international cybersecurity management standard

Implement an ISMS effectively and efficiently with bespoke documentation toolkits

Train your staff with the world’s first programme of certificated ISO27001 education

Reduce time and overheads in conducting information security risk assessment with vsRisk™

Receive professional consultancy support

vsRisk™ Simplifies Information Security Risk Assessment

Risk assessment is the core competence required to achieve compliance to ISO27001 and ensure effective information security management. Clause 4.2.1(c) of the standard defines that the risk assessment methodology must produce ‘comparable and reproducible results’ establishing a baseline against which the effect of the application of controls (risk countermeasures) can be measured.

vsRisk™ automates and simplifies the risk assessment process and significantly reduces time and overheads. It assesses confidentiality, integrity and availability of all information assets. This tool contains all ISO27001/ISO27002 controls with additional control databases available.

vsRisk™ is available as either a standalone or network-enabled version.

www.itgovernance.co.uk/shop/p-1228.aspx

How can IT Governance help your organisation comply with ISO27001 - the international cybersecurity standard?

IT Governance offers many varied tools and resources to help your organisation achieve compliance to ISO27001. From copies of the ISO27001 family of standards, books and risk assessment software tools, through to training and consultancy, we can help you and your organisation at every step of the way. Below is a selection of the resources we offer that can guide you through the process of implementing an ISO27001-compliant Information Security Management System (ISMS).

You can download a free ISO27001 Introductory Green Paper from our website: www.itgovernance.co.uk/iso27001.aspx.

‘Fantastic course for anyone wanting to make an informed decision around implementing ISO27001’

Rich Mullens, Head of IT, Home Fundraising Ltd

[Figure: Plan, Do, Check, Act diagram. Panel labels: Standards; ISO27001 Library; Foundation Course; Lead Implementer; vsRisk™ Tool; Pen Testing; Toolkit; Training & Awareness; Compliance Database; Risk Management; Internal Auditor; Lead Auditor; Pen Testing; Monitor & Review; Preparation for Audit; Certification Audit; Review & Improve; Maintenance Service; Post-stage 2 Audit.]

IT Governance

The single source for all your cybersecurity and ISO27001 requirements

ISO27000 Standards

All ISO27001 projects require a detailed understanding of the Standards and we recommend you purchase and read the original copies from our extensive range of standards and publications.

www.itgovernance.co.uk/iso27000-family.aspx

The ISO27001 Library

IT Governance offers the most comprehensive range of ISO27001, IT governance and information security publications available in the market today. From pocket guides covering the basics to implementation guides with detailed explanations, our books provide a complete solution for every member of staff involved in implementing and maintaining the ISO27001 Standard.

www.itgovernance.co.uk/shop/c-117-books.aspx

ISO27001 Documentation Toolkits

Our unique documentation toolkits are designed to accelerate the development of an ISO27001 Information Security Management System and to fully satisfy the documentation requirements as outlined by Clause 4.3 of the Standard. With 120 pre-written policies, procedures and templates together with practical books and guides, toolkits are compiled to provide a complete ‘out-of-the-box’ solution designed to save you time and money in the creation of all essential ISO27001 documents. Package options include copies of the Standards, the vsRisk™ risk assessment software tool and 12 months of automatic updates and 6 months of documentation support.

www.itgovernance.co.uk/iso27001_toolkits.aspx

ISO27001 Compliance Database and Update Service

Clause 4.2.1(b)2 of the ISO27001 Standard requires you to develop your ISMS, taking ‘into account business and legal or regulatory requirements, and contractual security obligations’.

The ISO27001 Compliance Database and Update Service (available on a subscription basis) delivers all of the documentation and regulations required to develop your ISMS. This includes the growing number of statutes and regulations, IPR and copyright, software protection, data protection, privacy, PCI DSS and cryptographic controls information.

www.itgovernance.co.uk/shop/p-715.aspx

Penetration Testing

Penetration Testing (often called ‘Security Testing’) establishes if the security in place to protect a network or application against external threats is adequate and functioning correctly. It is an essential component in any ISO27001 ISMS – from the initial risk assessment process and the subsequent Risk Treatment Plan to ensuring ongoing corrective and preventative action. IT Governance offers a range of Penetration Testing services designed to test network infrastructure, Web applications and wireless networks.

www.itgovernance.co.uk/penetration-testing.aspx

Certified Training

IT Governance is responsible for delivering the world’s first programme of certificated ISO27001 education. We offer delegates the opportunity to attain an industry-standard qualification and build a successful career in information security, as well as to help their organisation achieve compliance and implement best practice with the Standard. Clause 5.2.2 of ISO27001 specifies that organisations must ensure that ‘all relevant personnel are competent to perform the tasks required of them’.

Foundation Level

• ISO27001 Certified ISMS Foundation (CIS F)

• ISO27002 Certified Foundation (EXIN Certificate)

Advanced Level

• ISO27001 Certified ISMS Lead Implementer (CIS F)

• ISO27001 ISMS Internal Auditor

• ISO27001 Certified ISMS Lead Auditor (CIS LI)

• ISO27005 Certified ISMS Risk Management (CIS RM)

Delegates who successfully complete the examinations associated with the ISO27001 ISMS Foundation, Lead Implementer, Lead Auditor and Risk Management courses are awarded qualifications approved by the International Board for IT Governance Qualifications.

IT Governance is an Approved Learning Provider for the MOD Enhanced Learning Credits Scheme (ELCAS).

www.itgovernance.co.uk/training.aspx

Information Security & ISO27001 Awareness E-learning

E-learning is the most cost-effective way to deliver the information security awareness training required by clause A8.2.2 of the ISO27001 Standard. Our comprehensive e-learning course is designed to increase employees’ awareness of the ISO27001 requirements and thereby reduce the organisation’s liability due to security failures. This course not only familiarises learners with the basics of information security, including security threats via e-mails, the Internet and in the workplace, but also introduces the policies on incident reporting and responses.

www.itgovernance.co.uk/itg-elearning.aspx

‘Support during [the audit] was excellent. I could not have had the confidence to conduct it without [IT Governance].’

Shila Parbhoo, Welsh Assembly Government Statistical Directorate

Recognised by third party accredited certification bodies

Whilst independent of vendors and certification bodies, encouraging clients to select the best-fit for their needs and objectives, IT Governance is widely recognised amongst UKAS accredited certification bodies as a leading ISO27001 consultancy.

www.itgovernance.co.uk/iso27001.aspx

E-mail: [email protected]

Phone: +44 845 070 1750

Version 3.3

Consultancy Services

We are acknowledged by our peers as one of the leading ISO27001 consultants in the UK. Our expertise with ISO27001 (what used to be called BS7799/ISO17799) dates from the very first implementation of an accredited ISMS. Our experienced and practical consultants provide advice and support through all phases of an ISO27001 project, from pre-planning and board approval through to implementation and successful certification.

By creating a unique mix of the following services, IT Governance is able to provide the skills and advice you require at a cost you can afford:

Mentor and Coach: An assigned consultant advises your internal project team on the key stages of the project, developing answers from first principles to ensure knowledge transfer and understanding.

In House: We take away the problem of resourcing key aspects of your project, handling specific tasks, or even the hassle of running your project by providing a resource to work for you – similar to having an interim specialist focused just on your specific project needs.

LiveOnline: We provide detailed, focused advice on resolving your issues, delivered remotely by one of our resident experts.

FastTrack: For smaller organisations based at a single office location, our fixed price FastTrack™ ISO27001 Consultancy Service will deliver UKAS-accredited ISO27001 certification in just three months.

Why choose IT Governance consultancy for your ISO27001 project?

• Free initial assessment

• Pragmatic and proven approach

• Skills and knowledge transfer through comprehensive training offerings and mentor and coach approach

• Future-proofed solutions to ensure post-certification costs are minimised

www.itgovernance.co.uk/consulting.aspx

IT Governance has been awarded both ISO27001 and ISO9001 certification.

Ongoing Support & Maintenance

To support the maintenance of your Information Security Management System and ensure on-going certification to ISO27001, IT Governance is able to provide:

• Corrective and preventive actions, document updates and risk reviews

• Internal audit to check that controls in place are working as expected

• Attendance at certification audits to answer the external auditors’ questions.

Reviewing & Improving Your ISO27001 ISMS Training

This unique training programme presented by Alan Calder and Steve Watkins delivers advice and updates on:

• New technical threats and vulnerabilities

• Relevant changes to legislation

• How to achieve compliance to additional standards

The course will ensure the continued effectiveness of your ISO27001 ISMS in a rapidly changing business and technology environment.

Call +44 (0)845 070 1750 for details.