Professional Services

Helping you make governance, risk and compliance a seamless part of the way you work


Risk and Compliance

Every organisation operates with risk; it is present every day. There are many types of risk, some of which are more familiar, such as Health and Safety.

In a world where data is king, and protecting it is critical to your ability to continue to operate, IT, Information Security and Cyber Risk cannot be ignored. Risk can be accepted, mitigated or transferred.

Net-Defence will assess your organisation through a simple 8-step approach. The end result will be a risk register which will allow your organisation to:

  • Understand the types of risk it faces and the associated level of risk at which it operates
  • Continually review and monitor critical risks and mitigating controls
  • Make changes to mitigate risk to a lower and more acceptable level

Risk management is key in being able to satisfy regulatory and legal requirements as well as demonstrating your commitment to governance and compliance to your customers.

At the heart of the Net-Defence process is the CIA triad, which is central to all IT and Information Security Governance and Risk Management:

  • Confidentiality: Your information is protected from unauthorised access.
  • Integrity: Your information is accurate and complete, and secured from corruption.
  • Availability: Your information is accessible when needed, by authorised users.

Net-Defence recognises that risk is ever changing and evolving, and we are here for the long term to provide ongoing:

  • Guidance – assessing new and emerging risks within your organisation.
  • Consultancy – finding solutions to continue to mitigate your risk.
  • Continuous Monitoring – implementing technology and management systems such as ND Workflow to provide alerts and drive action.
  • Practical Support – providing policies and processes to manage and mitigate risk.

Cyber Essentials

Cyber Essentials (CE) is a UK Government assurance scheme which is operated by the National Cyber Security Centre (NCSC).

The main purpose of this accreditation is to help defend your business from the most common cyber threats and to ensure you have applied best practice across your IT infrastructure.

There are 2 levels of certification: self-assessment (Cyber Essentials) and Cyber Essentials Plus, which includes an audit by a CE practitioner.

We are accredited by the certifying body, IASME, enabling us to manage your Cyber Essentials process in-house through to your certification.

This certification allows you to demonstrate that your business is serious about security and is proactively managing its cyber threat. Once certified, UK organisations with a turnover of less than £20m are entitled to Cyber Liability Insurance.

Many attacks are simple by design, but the state of play is constantly changing and evolving, meaning threats can come in many disguises, all with the same end goal: to exploit weaknesses in your environment.

By completing and maintaining your CE accreditation you lower your threat risk and protect the security of your organisation.

  • Self-Assessment
  • Review by Net-Defence
  • Guidance – Cyber Essentials Certified Engineers will guide you through the process
  • Audit – Our Assessors will highlight any areas that require improvement to achieve accreditation.
  • Certify – When the audit is complete your Cyber Essentials Plus certificate will be issued on the same day.

Cyber Essentials and Cyber Essentials Plus show your employees, your customers and suppliers that your organisation is taking steps to protect itself. It’s also becoming a common requirement in contracts that involve the handling of personal information.

We know that organisations often avoid seeking accreditation due to other priorities in the business. That’s why Net-Defence can lead and govern the process on your behalf.

IASME Governance

The IASME Governance standard (Information Assurance for Small and Medium Enterprises) was developed through a Government-funded project to create an alternative to the International Standard (ISO 27001), specifically designed for smaller organisations.

IASME Governance focuses on your Information Security Management System (ISMS). This is a pragmatic risk-based approach consisting of processes, technology, assets and people that is implemented to protect your organisation’s information and data.

It supports compliance with many UK laws, focusing on protecting the 3 key aspects of your information known as the CIA Triad:

  • Confidentiality: Your information is protected from unauthorised access
  • Integrity: Your information is accurate and complete, and secured from corruption
  • Availability: Your information is accessible when needed, by authorised users

There are two levels of certification:

  • Self-Assessment – risk-based appraisal of your organisation against key aspects of security
  • Audited (Gold Standard) – on-site audit of your processes and procedures covered by the IASME Governance Standard

Organisations often avoid or delay the journey to attain valuable certifications for many reasons. Here at Net-Defence we can take you through the end-to-end process, bringing our IT and Governance expertise into your business to ease the burden through:

  • Self-Assessment – Our Certified Assessors will guide you through the appraisal
  • Audit – Our Assessors will offer an advisory service and provide a GAP analysis to help you achieve accreditation
  • Implement – Our Assessors and IT professionals can assist you to implement solutions to close all gaps identified
  • Certify – Our Certified Assessors will conclude the process and award your certification

We’re here to help guide you through the world of information security in a digital era. Trust Net-Defence to help you protect your organisation.

ISO Certifications

ISO Standards are internationally recognised and developed by national and international standards committees. They demonstrate that you are producing services that are safe, reliable and of good quality. ISO Standards open doors to new customers and strengthen your existing business.

ISO standards not only help you comply with regulations; in conjunction with third-party certification by an accredited certification body, they also help you demonstrate to potential customers and authorities that you are doing things ‘by the book’ and providing quality products or services.

Solid foundations are the makings of a good business and ISO standards provide the bedrock for any business wishing to expand their customer base.

Net-Defence have a dedicated team of people to help you identify, benchmark and audit your current policies and processes. We can help you towards gaining accreditation for:

  • ISO 27001 – Information Security Management System (ISMS)
  • ISO 27017 – Cloud Services Security
  • ISO 45001 – Occupational Health and Safety

ISO 27001 Information Security Management

ISO 27001 is internationally known as the standard providing requirements for an information security management system. It enables businesses to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties, and also helps towards GDPR compliance.

The way in which you look after and use corporate information can mean the difference between success and failure for your business. Get it right and you’ll grow your customer-base. Get it wrong and the risks and penalties can stop you in your tracks.

ISO 27001 certification demonstrates that your business has systems in place to protect corporate information and data, whether this is online or offline. By gaining ISO 27001, customer and stakeholder confidence is increased and your company’s reputation is improved, allowing you to stand out among competitors.

ISO 27017 Cloud Services Security

Within the 27000 family of standards ISO 27017 deals with additional security controls specifically related to cloud service providers and their customers.

The objectives of the standard are to provide a security control framework and implementation guidance for both cloud service customers and cloud service providers. It identifies the risks and the associated controls to use.

Benefits

  • Demonstrates your company has robust controls in place to protect cloud held data.
  • Protects your brand reputation and reduces the risk of adverse publicity due to data breaches.
  • Ensures that local regulations are complied with hence reducing the risk of heavy fines.
  • Helps to grow your business by providing common guidelines across different countries.

Facts

73% of IT professionals say the biggest obstacle to cloud projects is the security of data
61% of IT professionals believe the security of data residing in the cloud is an executive concern

ISO 45001 Occupational Health and Safety

ISO 45001 is an International Standard that specifies requirements for an occupational health and safety (OH&S) management system, with guidance for its use, to enable an organisation to proactively improve its OH&S performance in preventing injury and ill-health. ISO 45001 is intended to be applicable to any organisation regardless of its size, type and nature.

ISO 45001 enables an organisation, through its OH&S management system, to integrate other aspects of health and safety, such as worker wellness/wellbeing; however, it should be noted that an organisation can be required by applicable legal requirements to also address such issues.

Pre-Assessment Audit

Who needs one?

Any organisation that has implemented a management system and wishes to determine its readiness to undergo a certification audit can seek a pre-assessment audit.

Benefits

  • Identify any non-conformities and observations and implement corrective actions.
  • Contributes to optimal preparation for the certification audit.
  • A company can focus its resources on weaknesses that might lead to non-conformities.
  • Depending on the outcome, companies can decide to postpone a certification audit that has already been scheduled or, on the contrary, face the certification audit with renewed confidence.
  • Helps companies avoid unnecessary additional costs.

About the Pre-Assessment Audit

A pre-assessment audit will be performed with the same objectivity as a certification audit. The auditor will conduct activities such as reviewing documentation relevant to the ISO certification the company is pursuing, interviewing personnel and process owners, and gathering information to ascertain compliance. All audits will be carried out on site and, as with any audit, a report will be produced to highlight all non-conformities and observations found. This will enable the company to improve its processes where required and proceed to certification with confidence.

Security Testing

Protecting the IT infrastructure, data and reputation of your organisation is now more critical than ever to its ability to be successful. Security testing is designed to detect vulnerabilities within a system and/or infrastructure that are potentially exploitable by unauthorised users.

A key part of this is security testing. We offer 3 types of testing as standard, along with some bespoke offerings:

  • Web Application Penetration Testing
  • External Penetration Testing
  • Internal Penetration Testing

Web Application Penetration Testing

This is a comprehensive security review which will involve testing web and mobile applications to help uncover vulnerabilities and poor security controls. During the test we will attempt to exploit any weaknesses and insecure functionality within the application.

The test will include web facing infrastructure including your servers and network devices.

These tests can cover customised and mobile apps, as well as apps such as SharePoint, Intranet and Exchange.

External Penetration Testing

This test is a simulation of a hack against your business from outside of your network. There are 3 methodologies that can be applied:

  • Black Box – the client provides no information.
  • White Box – the client provides a lot of information. This can be seen as best value as it removes the reconnaissance phase.
  • Grey Box – somewhere in the middle; the client decides how much information they want to provide.

The test is designed to identify weaknesses and vulnerabilities that could be exploited to gain unauthorised access to your systems, assets and data. This test is often referred to as a Network Penetration Test.

Internal Penetration Testing

This test focuses on your internal network, should an attacker gain access via email, a breached router or a local machine (lost or stolen). Attacks can come from many sources, including a current or previous employee. Social engineering is one common approach used by both hackers and testers.

The purpose of the test is to identify any vulnerabilities, such as misconfiguration of systems, which could allow an employee or other user to access, remove or delete confidential information and data held on your network. Commonly vulnerable areas include wireless networks, mobile devices and cloud-based storage and applications.

All of our tests are a simulation of a hack, using all of the tricks and tools of real-world hackers. The tester will be using a combination of their own processes, tools and experience along with cutting edge tools.

What to expect after testing

At the end of each test a report will be provided, detailing:

  • Summary of the organisation’s security health (helpful for a non-technical audience)
  • Risk-based report for each vulnerability identified:
    • Evidence of findings
    • Real world impact

Security testing is one tool in your kit to ensure your network is secure. Our skilled testers use a combination of experience in conjunction with automated and manual techniques.

As with everything in this digital era new threats are emerging every day. Here at Net-Defence we are here to help you build the best defence possible. Why not talk with one of our specialists to understand more how we can help you and your organisation.

ND Workflow

We have leveraged our highly skilled and certified staff to provide the content, partnered with PRIMED’s technical and software development expertise, to bring you ND WorkFlow powered by PRIMED.

Organisations often avoid or delay pursuing certifications due to the effort needed and the complexity of the process. This was the driving force in the development of ND WorkFlow with our friends at PRIMED; it takes all steps, actions and measures and brings them to life in a visual platform.

In practical terms, it takes the complex system of controls for ISO 27001, IASME Governance and GDPR and maps every control to individual tasks, owners, actions needed and frequency. It then measures compliance with these tasks, manages escalations and records evidence.

It drives awareness, embedding the need for compliance and accountability across your organisation, which over time will become as natural as the need for health and safety.

This provides organisations with:

  • Live updates on compliance levels
  • Continuous monitoring and alert systems for overdue tasks
  • Evidence of compliance
  • Easy management review at relevant levels (e.g. Board level vs Operational level)

This automated system eliminates complexity and reduces manual intervention, providing a simple and dynamic approach to governance management.

It doesn’t stop here though; we’re already working on other processes such as business continuity planning, disaster recovery and COVID-19 policies and procedures. We’re going to continue our partnership with PRIMED to develop a suite of workflows to help your organisation.

GDPR - Data Privacy

GDPR has brought about a sea change in data privacy, with added responsibilities compared to the original Data Protection Act 1998. It is the biggest change to European privacy laws in 20 years.

Penalties for non-compliance can be up to 4 percent of annual turnover for a company. Having the right plan and knowing what you need to do is one of the key elements of success on your road to becoming compliant. We can assist you on the journey by:

  • Assessing your current levels of compliance
  • Highlighting Processor and Controller responsibilities
  • Developing policies
  • Delivering employee awareness training

The benefits to your company will be that you are compliant with a legal obligation which lowers your risk of a fine. It can also give you a marketing edge and gain trust from customers and partners.

IT Services

From occasional support to fully managed IT solutions.

Comms Services

Analogue, on-premise VoIP or agile cloud hosting? We can guide you through the options available.