created their security management plan, based on ISO 27001 SPF and supporting standards, for the whole department.
Evaluate requirements for DRP and BCP for London office (main office). Plan and implement both plans and create templates for rollout to the remaining offices (22).
Review current client-facing Internet applications from a security standpoint and make recommendations for improvement. This included technical testing as well as management reviews.
Develop a set of business continuity plans for the Infraco. These covered loss of facilities rather than the traditional ‘railway crash’ scenarios.
Perform ISO 27001 consultancy to get them through Certification – along with APACS 55 certification. They passed.
Compliance audit including SOx, GLB, PCI DSS and BS 7799 with recommendations for closing the gap identified (Duration 3 months).
Audit existing ADS, SSPs and SyOPS, rewrite and align with BS 7799 and ensure compliance with IS1/2, GPGs and other relevant CESG guidance. Redo BCP and other procedures and submit for BS 7799 certification and upgrading to ISO 27001. They passed (Duration 6 months).
Training in Information Security for IRCA Certificated Auditor courses. Witnessed course passed by IRCA and so course certified. (Duration 1 week).
Perform ISO 20000 and ISO 27001 (Service Delivery and Security) rollout for certification. Development of a BCP to support the certification. They passed (Duration 12 months).
Creation of a Data Protection process and performing an audit to the 1998 DPA (Duration 6 months).