0330 223 0709
MoreComply with regulation, meet best practice, get measurable benefits from security investments. Security policy and process improvements bring confidence to staff, enabling your organisation to succeed in an ever more competitive world.
Comply with regulation, meet best practice, get measurable benefits from security investments. Security policy and process improvements bring confidence to staff, enabling your organisation to succeed in an ever more competitive world.
Appropriately managing an organisation’s Information Security Risk requires the selection and deployment of appropriate controls in the context of the risk attitude and culture of your business.
With over 20 years of experience, Commissum is adept at offering practical advice and recommending cost-effective solutions, to deliver a joined-up, coherent approach to protecting your organisation's information assets.
Get in touch to discuss your organisation's governance, risk and compliance requirements with our experts.
Mitigation measures or controls should work cohesively, taking account of cross-functional business requirements to create a system of integrated controls, technologies and processes, all implemented, monitored and managed to maintain effectiveness. The controls and risk mitigation activities selected may need to address specific requirements to meet financial, operational, legal, compliance and business risk obligations.
Whether it involves the traditional approach of measuring an organisation against best practice using an ISO 27001 Gap Analysis, formal assessments against government frameworks such as the HMG Security Policy Framework (SPF), or a more radical review focused on cost optimisation, Commissum has a track record that holds its own with the best.
Many organisations, faced with the challenge of getting to grips with information security risks choose to adopt best practice and perhaps certify to the ISO 27001 Code of Practice for Information Security Management (indeed, Commissum would usually recommend doing so). This ISO standard sets out, in practical terms, how the implementation of an Information Security Management System (ISMS) can enable information risk to be managed to a level acceptable to the business. In essence, it states that an effective ISMS will have the following characteristics:
Commissum fully endorses such an approach and works with organisations to maximise the benefits that arise, while minimising the costs of implementation.
"The relationship has evolved between Commissum and ASCO Group and we have now committed to a three year contract. I would have no hesitation in recommending Commissum."
