OUR SERVICES
ISO 27001 Implementation
ISO 27001 is an international standard which defines the requirements for establishing, implementing, maintaining and improving an information security management system. The ISO 27001 standard is one against which organisations can be certified, which gives you a competitive advantage and increases stakeholder trust.
NFA solutions can assist your organisation in determining level of compliance to ISO 27001 as well as readiness for certification. From there, we can assist your organisation in the implementation of the required components. ISO 27001 is implemented with a supporting controls framework. We can assist your organisation determine the most appropriate controls framework based on your organisational context.
Information Security Risk Assessment and Management
We understand that identifying, assessing, treating and managing information security risks effectively can be a daunting process. We can assist you in the simplification of this process by utilising customised risk management tools which replace the outdated Excel way of managing risks.
We will assist your organisation in the following areas; we can provide you with a comprehensive information risk management solution, as opposed to a once-off information security risk assessment.
-
Risk Management Policy
-
Risk Management Procedure
-
Risk Identification, Assessment and Prioritisation (Aligned to ISO 27001 requirements)
-
Risk Treatment Plan creation
-
Risk management toolset implementation (Optional)
Vulnerability Management Programme Development
Staying aware of your information security posture is important. Vulnerabilities in your network are like windows and doors left ajar (sometimes even wide open) for attackers to attempt to gain access through. Knowing where these vulnerabilities are, and how to fix them will help you reduce your attack surface.
Vulnerability management is not a once-off exercise, or something that can be repeated on an annual basis. New vulnerabilities are being discovered every day. New ways of exploiting old vulnerabilities are being discovered every day.
We can assist you in developing and tailoring a vulnerability management programme that is suited to your needs. We will assist you in creating the required governance mechanisms and documentation to outline and implement a comprehensive vulnerability management framework effectively.
Vulnerability Scanning and Reporting
We can also assist your organisation by performing the vulnerability assessments, as per the required frequency in your programme, and provide detailed business-level and technical remediation reports.
Information Security Policy Development
(aligned to your risk profile and chosen control framework)
A cornerstone in a comprehensive and effective information security programme is having a complete and tailored set of policy and supporting procedure documents, to define and implement your information security related controls. Creating and maintaining policy and procedure documents can be a daunting and time-consuming task; we can assist you in that regard. We leverage off industry-accepted practice and tailor this to your organisational context. This helps to ensure that policies and procedures are more readily accepted and adopted.
IT Disaster Recovery and Business Continuity Plan Review and Development
Being able to recover from a disaster is critical. IT Disaster and Business Continuity plans are key to assisting your IT and business teams with direction and what needs to be done in the event of a disaster.
We focus on assisting your organisation in identifying key risks to your business and performing Business Impact Assessments in order to determine Recovery Time Objectives and Recovery Point objectives that work for the unique context of your organisation.
We further assist you by developing the required plans and one-pager checklists to form part of disaster “battle-boxes” and provide guidance to simulate these plans on a regular basis.