Just how much is riding on your organisation’s cyber security and information management?
Assessing Exposure

The first step in securing your information is understanding where the vulnerabilities in your organisation lie.



Managing Risks

To bring threats under control you need prioritised solutions rolled out through processes, systems and staff awareness.



Maintaining Standards

Achieving standards helps with approved supplier lists and more. We help with GDPR, IASME, Cyber Essentials and ISO certification.



Our Services

Information security – your choice

For many, ISO27001 will provide evidence that you are taking information security seriously; that your organisation can be trusted to handle customer data; that you can be relied upon to keep trade secrets confidential; that you have what it takes to be an approved supplier or partner; that you protect personal data and comply with GDPR.

Whether you want official recognition of an exemplary track record, or need to ensure that past incidents cannot happen again, ISO/IEC 27001 and related information security standards (including BS-10012) can provide the framework for continuous improvement and measures of achievement that you need.

Some security standards are deemed too heavyweight for many, which is why we are also certified assessors in the new Cyber Essentials Scheme and the IASME Standard (Information Assurance for Small and Medium Enterprise), which includes GDPR readiness.

We provide information security services that range from initial advice through to your security assurance award and beyond:

Security Risk Assessment

We will plan, lead and if necessary resource a comprehensive audit of your information security vulnerabilities. We consider policies, procedures, operations, technology infrastructure and human interactions.

Risk Treatment

Once you know where you are most vulnerable, we will help devise the most appropriate measures and prioritise their implementation. For those risks that cannot be cost-effectively eliminated, we will help you plan mitigating actions.

Validation and Audit

With the risks properly understood and measures in place to maintain the confidentiality, integrity and availability of your information resources, we will help you obtain the recognition you deserve with validation in advance of full audit.

If you would like more information or assistance, no matter what stage you are at, please contact us.

Cyber Essentials

Cyber Essentials is a straightforward, no-nonsense scheme to help organisations protect themselves against the majority of online attacks. It is applicable to all sizes of organisations, and is particularly useful for small and medium-sized enterprises.

By adopting Cyber Essentials you will demonstrate your commitment to securing yourself and your customers through the application of five foundation controls:

  • Boundary firewalls and internet gateways
  • Secure configuration
  • Access control
  • Malware protection
  • Patch management

The Cyber Essentials scheme enables organisations to gain one of two new assessment badges.

  • Cyber Essentials – a self-assessment against the five basic controls, independently verified by a qualified assessor.
  • Cyber Essentials PLUS – a higher level of assurance, whereby a qualified and independent assessor examines the same five controls, testing that they work in practice by simulating basic hacking attacks.

It is backed by industry, including the Federation of Small Businesses and the CBI, as well as a number of insurance organisations that are offering incentives for businesses.

To find out more and to discuss your Cyber Essentials requirements in more depth, please contact us.

GDPR

General Data Protection Regulation

Since 25 May 2018, most processing of personal data by organisations has had to comply with the EU General Data Protection Regulation.

The Information Commissioner’s Office recommends 12 steps to prepare for GDPR:

  • Staff awareness
  • Understanding and documenting the information you hold
  • Privacy statements & policies
  • Managing individuals' rights
  • Managing subject access requests
  • Understanding the lawfulness of processing data
  • Managing consent
  • Requirements for children’s consent
  • Managing data breaches
  • Data Protection by Design & Conducting Data Protection Impact Assessments
  • Need for a Data Protection Officer
  • International transfer of data

Of course, a key part of ‘protection by design’ is that you need to look after all of that personal data. Part of the solution to providing protection could be implementing Cyber Essentials, which can also be accomplished by adherence to the IASME Governance Standard. Furthermore, by including the specific GDPR aspects, certification to the IASME Governance Standard provides a wider governance system for the management of the controls protecting personal data.

We can help you at any point on your GDPR project.

About

Greyfield Consultancy – Information Security Experts

For more than a decade our staff have been helping security-conscious organisations in the UK to keep information secure.

Our experience includes both public and private sector information security. In addition to taking companies to ISO/IEC 27001 accreditation, we have worked extensively within HMG’s Security Policy Framework (SPF).

We have been retained as advisors on security architecture, having reviewed security solutions for HMG projects including the Ministry of Defence, and have provided risk assessments for companies seeking board-level confidence in business protection as well as those seeking defence assurances.

Our consultants are approved by the National Cyber Security Centre to provide Information Assurance advice on systems processing information under the Government Classification Scheme.

Our technical expertise extends to the security that is designed into products and systems, as well as the secure application of those solutions within other organisations.

The nature of our business means that we are limited in what information we share about past experience, but we endeavour to answer all questions as far as reasonably possible. Please contact us for more insight.

Contact

Contact Us

To discuss your Cyber Essentials, IASME, ISO/IEC 27001 or other information security requirements in more depth, please contact us.

Phone:

Call us on 01225 290191

Email:

Send us an email: info @ greyfield.co.uk.
 

Statutory Information:

Greyfield Consultancy Services Ltd. is registered in England number 06748323
at Richmond House, Wells Road, Bristol, BS39 6EJ