Information Security and pre-ISO27001 and pre-Cyber Essentials audits
We conduct information security audits for legal practices and other organisations, and provide them with a detailed report outlining the strengths and potential trends for risk that emerge.
It is important for all organisations, and especially their leadership, to recognise that information security is not wholly an ‘IT problem’.
The overwhelming majority of concerns, breaches and risk are caused by (and can be resolved by) human interaction.
Like everything else that we do, our Information Security audits/visits are intended to be conducted on a fixed fee basis.
The process is tailored to the organisation
As with our file review service, we tailor each round of auditing activity/visits to the needs of the organisation. This might mean that we visit one office annually or, at the other end of the scale, visit each office/location every quarter or even monthly.
We can focus on staff/people or premises/environment, and can precisely adjust the criteria in each case.
For organisations that hold a quality mark in which information security plays an important role, such as ISO27001 or Lexcel, we can conduct the auditing activity to ascertain the level of risk or the volume of gaps that might exist, so that they can be addressed in good time prior to an assessment visit.
We visit your office(s)/location(s) and record the outcomes on our specifically coded spreadsheets.
The criteria can be set to suit the organisation; it is 100% adaptable to any Standard, regulation or requirement.
We conduct visual inspections and, if required, also discuss information security (and data protection) with members of staff.
There can be a report for each office/location or member of staff or department, etc.
Then we consolidate all of the data into a report, including a set of 'dashboard visuals' of performance.
At a glance, a picture is delivered of areas of concern, anywhere in the practice/organisation.
We drill down by department or office/location.
This provides practices with a helicopter view of compliance and risk, as well as pinpointing trouble-spots that require action.
We can build a snapshot of trends, by department or office/location.
Our report provides a detailed narrative, including (but not limited to):
- Consideration of reasons for the trends.
- Potential direct or indirect risks, including regulatory risk.
- Identification of potential training requirements or supervision enhancements.
- Systematic concerns.
- Identification of hot-spots of good practice; potential to capitalise upon opportunities.