Tag Archives: Information Security Management

Nedap Security Management quality assured with ISO 27001 certification

Nedap Security Management’s standards of excellence have achieved another stamp of approval with ISO 27001 certification. This assures that all of the company’s products and services, including the AEOS access control system, are fully compliant with the highest international standards for information security.

iso27001logo

Fokko van der Zee, managing director of Nedap Security Management, informed Risk Xtra: “This is the formal confirmation of our ambition to excel at everything we do. A crucial aspect of that, and particularly in today’s market, is being fully compliant with the laws and regulations relating to the security of information. We’ve worked hard to achieve this certification over the last year and will continue to push forward to achieve ever higher standards.”

Advertisements

Leave a comment

Filed under Risk Xtra, Uncategorized

Securitas to host inaugural ASIS UK Enterprise Risk Management Northern Seminar

Securitas has been announced as the main sponsor and organiser for the inaugural ASIS UK Enterprise Risk Management Northern Seminar.

The seminar, which will take place at the University of Leeds on Thursday 9 April 2015, will afford delegates an understanding of how organisations can use Enterprise Risk Management to deliver their security and risk-related services.

Speakers on the day will include Neil Gammon (head of physical security at Sky) who will give an insight into managing enterprise risk within a creative media organisation and Dr Kevin Macnish, teaching Fellow at the University of Leeds. Macnish is to deliver a talk on how risk may be managed from an ethical perspective.

Securitas’ Gail Pinkerton, account director on the Workman contract, will present delegates with a Case Study on security risk management within a business environment, duly explaining how Securitas works alongside the property management and building consultancy to minimise and mitigate risk.

Dr Peter Speight CSyP: director of security risk management at Securitas

Dr Peter Speight CSyP: director of security risk management at Securitas

Speaking about the event, Dr Peter Speight CSyP (director of security risk management at Securitas, an ASIS UK member and recently elected UK Chapter Secretary) told Risk UK: “We’re very much looking forward to this event and we’re delighted that nearly 100 delegates have registered. Enterprise risk management is such a focused area for risk and security professionals. Indeed, the interest in this event has given us the confidence to look into hosting even more in the future.”

​ASIS International is one of the leading organisations for security professionals with more than 38,000 members worldwide, all of whom are involved in the protection of people, property and assets.

Founded in 1955, the organisation is dedicated to increasing the effectiveness and productivity of security professionals by developing educational programmes and materials that address broad security interests.

The seminar begins at 1.30 pm and there will be drinks, canapés and networking opportunities from 6.00 pm. Those interested in attending should contact the ASIS UK Office either by telephone (01494 488599) or e-mail: info@asis.org.uk

Securitas awarded ISO 27001:2013 Information Security Management accreditation

Securitas is also pleased to announce it has been awarded the ISO 27001: 2013 Information Security Management standard, demonstrating the company’s firm commitment to providing the highest quality of service to its customers.

ISO 27001 is an internationally-recognised certification developed as a Best Practice standard which enables organisations to formalise and verify that risks are properly identified and managed. It also demonstrates to customers and stakeholders alike that the security of their information is taken seriously.

David Barlow of Securitas

David Barlow of Securitas

David Barlow, business standards and risk manager at Securitas, said: “In 2014, we completed an internal review of the whole of our UK security operations and realised we needed to concentrate on improving our data protection policies if we were to seriously advance in the security solutions aspect of the industry.”

Securitas duly sought the services of UKAS quality and compliance auditing body ALCUMUS, and soon realised that accreditation to ISO 27001:2013 Information Security Management would be required in order to satisfy the needs of both the security services and security solutions sectors.

In June last year, a member of the business standards team was appointed as project manager to concentrate on key areas which included the communications centre, ALCUMUS, environmental Health and Safety, the standards department, screening, finance, the Alarm Response Centre and the Help Desk function.

Following a period of internal and external audits and the creation of the Information Security Management System, all information – either printed or written on paper, stored electronically, transmitted by post or using electronic means, shown on films or spoken in conversation – is now handled and stored in a secure manner.

All assets, either physical or electronic, are also risk assessed and suitable control measures taken to ensure the security of these assets.

Subsequently, the ISO 27001:2013 accreditation has now been awarded in respect of Securitas’ UK operations in Birmingham, Wellingborough, Milton Keynes and Uxbridge.

Barlow concluded: “This accreditation demonstrates to our customers that we take all aspects of IT and data security very seriously indeed. I believe that not only will it be of great benefit in winning new clients but will also help us to retain our existing ones. I’m fully confident Securitas will be reaping the rewards of all this hard work in the months to come. “

Leave a comment

Filed under Risk UK News

Cabinet Office minister Francis Maude visits cyber security specialist Advent IM

The Rt Hon Francis Maude MP has visited West Midlands-based cyber security consultancy Advent IM as part of the MPs’ remit as the Minister for Cyber Security. 

Maude met with Mike Gillespie and Julia McCarron, the co-founders of Advent IM, to find out more about the cyber security work the company delivers as one of the UK’s leading independent information security consultancies, the company’s history, its ethos and the business challenges faced by the organisation as an SME.

Topics for discussion on the day were both wide and varied. Mike Gillespie explained the principles of a holistic and risk-based approach to security and the MP was particularly interested in how this translates into solid governance in business.

Maude was also keen to find out more about threat convergence, how cyber threats can now impact our physical environments and steps that can be taken to mitigate those threats.

The team expanded on Advent IM’s development of cyber security training courses specifically for the police in the areas of SIRO and IAO responsibilities and accountability, general cyber security awareness training opportunities currently being developed and Advent IM’s mentoring approach to consultancy delivery, ensuring the company is seen by those involved as a business enabler.

The Advent IM team members meet Francis Maude MP

The Advent IM team members meet Francis Maude MP

The G-Cloud procurement process

Maude and the team discussed the merits of the G-Cloud procurement process and how there’s room to improve the perception that it’s more for technology purchases than consultancy, and how Government is starting to drive the requirement for Best Practice information security and ISO 27001 (more of which anon) through its outsourced service providers.

Changes to the Government Security Classification Scheme and the lack of understanding around its application were touched upon, as were the issues being confronted by local authorities in connecting to PSN and how the latest changes would impact on those either connecting or acting as a provider.

The Cabinet Office Minister also took the time to discuss areas of work with Advent IM staff from the consultancy, marketing and sales teams and the challenges they face when it comes to implementing and promoting cyber security across the UK.

“We greatly appreciate the time Francis Maude has taken to visit us,” said Advent IM’s operations director Julia McCarron. “As cyber security specialists, a number of us have attended events where Mr Maude has been present but we’ve rarely had the opportunity to discuss with him what’s happening in the market or air our views fact-to-face. To be singled out and given the chance to discuss our company, the industry and involve all of our staff in that forum was an honour for the team.”

Advent IM's Mike Gillespie talks cyber security with Cabinet Office minister Francis Maude

Advent IM’s Mike Gillespie talks cyber security with Cabinet Office minister Francis Maude

Holistic security management solutions

Advent IM focuses on holistic security management solutions for information, people and physical assets across both the public and private sectors.

Established in 2002, Advent IM is a Centre of Excellence for security services, promoting the benefits of Best Practice guidelines and standards and the ongoing need to address risk management in order to protect against potential threats.

From offices in the Midlands and London, the company’s consultants work on a nationwide basis and are members of the CESG Listed Advisor Scheme, the Institute of Information Security Professionals, The Security Institute, the Business Continuity Institute and the British Computer Society.

Advent IM consultants are also lead auditors for the international standards on Information Security Management (ISO 27001) and Business Continuity Management (ISO 22301), practitioners of PRINCE2 (a recognised project management methodology widely used within the public sector), CISSP-qualified and also Home Office-trained physical security assessors.

Leave a comment

Filed under Risk UK News

Advent IM confirmed as cyber security solution supplier to Her Majesty’s Government

Holistic security consultancy and a member of the Malvern Cyber Security Cluster, Advent IM Ltd has announced its confirmed status as cyber security solution supplier to Her Majesty’s Government.

The announcement follows on from the company’s long-standing and successful supplier relationships with several Government departments.

The cyber certification scheme is administrated by the Department for Business, Innovation and Skills and enables certified cyber security suppliers to Government to be able to publicise the fact. This offers a distinct advantage to those businesses, further enables the Government’s plan to work with more SMEs and also supports the export of UK cyber security expertise.

Speaking about the news, Advent IM director Julia McCarron told Risk UK: “The supply of specialist IA consultancy services to the UK Government is the foundation upon which Advent IM was built and this remains a very important sector for us. As an SME, we value the relationships we have with Her Majesty’s Government’s departments and agencies. Being awarded this status is important for our continued partnership development in this area and we’re delighted that we’ve been recognised as an official cyber security solution provider.”

Advent IM joins other members of the Malvern Cyber Security Cluster who have been recognised for their contribution to UK Government cyber security by being part of this scheme.

Advent IM has announced the company’s confirmed status as a cyber security solution supplier to Her Majesty’s Government

Advent IM has announced the company’s confirmed status as a cyber security solution supplier to Her Majesty’s Government

Holistic security management solutions

Advent IM is an independent specialist consultancy focusing on holistic security management solutions for information, people and physical assets across both the public and private sectors.

Established in 2002, Advent IM is a Centre of Excellence for security services, promoting the benefits of Best Practice guidelines and standards and the need to address risk management to protect against potential threats.

From offices in the Midlands and London, Advent IM’s consultants work nationwide and are members of the CESG Listed Advisor Scheme (CLAS), the Institute of Information Security Professionals (IISP), The Security Institute, the Business Continuity Institute and the British Computer Society.

Julia McCarron: director at Advent IM

Julia McCarron: director at Advent IM

Advent IM consultants are also lead auditors relating to the international standards for Information Security Management (ISO 27001) and Business Continuity Management (ISO 22301), practitioners of PRINCE2 (a recognised project management methodology widely used within the public sector), CISSP-qualified and Home Office-trained physical security assessors.

Leave a comment

Filed under Risk UK News

UKAS accredits Certification International for latest information security management standard

Certification International – a leader in the assessment and certification of international, national and industry standards – has received accreditation from UKAS for the revised ISO 27001:2013 standard.

ISO 27001:2013 specifies the requirements for establishing, implementing, maintaining and improving an information security management system (ISMS).

There are now more than 17,000 registrations worldwide and revisions to the standard have taken into account the practical experience of organisations using it. The changes were influenced by the ISO requirement that all new and revised management system standards must conform to the high level structure and identical core text defined in Annex SL to Part 1 of the ISO/IEC Directives and a decision to align the standard with the principles of ISO 31000 (risk management).

Revisions to the standard have placed greater emphasis on setting objectives, monitoring performance and metrics and a requirement for management commitment requirements to focus on leadership.

An important standard for all companies

Speaking about this latest development, Certification International’s managing director John Pymer said: “Receiving accreditation for the latest information security management system ensures we provide clients with a high quality service. Assessing companies to the latest standards not only benefits our clients but also plays a key role in our business strategy. By placing Certification International as a leader in the certification industry it will help us grow, not only in the UK but on a global scale.”

ISO 27001:2013 specifies the requirements for establishing, implementing, maintaining and improving an information security management system

ISO 27001:2013 specifies the requirements for establishing, implementing, maintaining and improving an information security management system

Pymer added: “ISO 27001:2013 is an important standard for all companies, whatever their size or sector. It’s vital for companies to underline their responsible practices through the achievement of such a well-recognised standard. Certification International’s experience means we can partner with companies looking to implement operations which allow them to integrate the latest information security management systems into their business.”

Certification International will be working closely with all clients to ensure they’re assessed against the new requirements at their next scheduled visit to achieve transition by the deadline of 1 October 2015.

Certification International’s UK business manager Emma Fawcett-Jones commented: “Clients who are already certified to ISO 27001:2005 will have to transition to the new standard before July 2015. There are two ways to achieve this. The first is to prepare themselves and make sure they’re ready for the transition review at the next surveillance or reassessment audit that’s due in their schedule before the transition date. Clients who choose this option will have to complete a transition review checklist and provide it before the audit date for the auditor to review. The second option is to undergo a separate transition review audit.”

Fawcett-Jones also stated: “In order to help clients through the transition we’ve published guidance and a checklist to send to all of our clients who have achieved the outgoing standard so that they have sufficient time to prepare themselves for the change.”

UKAS accredited bodies are assessed against internationally recognised standards to demonstrate their competence, impartiality and performance capability.

Part of the SOCOTEC Group, Certification International is a global organisation offering assessment, analysis and certification to a variety of clients across a range of standards.

For more information visit: http://www.cert-int.com

Leave a comment

Filed under Risk UK News