Consulting Services
Outsourced CISO Services
Managing information risk can be daunting, which is why we offer a Client Information Security Officer (CISO) service to provide you with the capabilities necessary to tackle the challenge.
Our CISO service is designed to help you manage information security with a capable and informed management team, and a skill set that includes an understanding of the legal context within which your organisation operates, insights into the risk profile and risks faced by your organisation, and a formal understanding of the best information security practices, including ISO2700x, PCI, BS10019, and related.
We are experienced in enterprise risk management practices such as COSO and we have insights into the capabilities of information security technology, which we utilise to help you remain informed regarding developments in the information risk management sphere. Additionally, we offer access to specialised skills when required, and we can engage at all levels of your organisation, from technologists to the board.
At Performanta, we understand that these capabilities are rare, making it difficult for most organisations to adequately address the requirement. That's why we offer a comprehensive approach to information security management that fully satisfies these requirements while adhering to the approaches advocated within ISO27001:2013 and BS10012:2016.
We provide ISO27001/2 assessment and remediation services, and we have developed an MSSP approach based upon the Deming (PLAN-DO-CHECK-ACT) cycle, referred to within ISO27001 as the Information Security Management System (ISMS). This system preserves the confidentiality, integrity, and availability of information by applying a risk management process and gives confidence to interested parties that risks are adequately managed.
Our governing principle is that an organisation should design, implement, and maintain a coherent set of policies, processes, and systems to manage risks to its information assets, thus ensuring acceptable levels of information security risk. The ISMS approach we utilise uses the Deming Cycle, known commonly as the PLAN-DO-CHECK-ACT cycle:
Plan: establish the Information Security Framework of activities and set the context within which it must operate: structure, baseline, policies, plans;
Do: implement the activities as defined within the planning phase;
Check: validate, using quantifiable measures, the effectiveness of the implementation; and
Act: review the effectiveness of the ISMS and modify it, if necessary.
At Performanta, we believe that our approach to information security management is the best way to keep your organisation safe and secure.
Contact us today to learn more about how we can help you with all aspects of information security management.