Tag Archives: ISO 27001

Nedap Security Management quality assured with ISO 27001 certification

Nedap Security Management’s standards of excellence have achieved another stamp of approval with ISO 27001 certification. This assures that all of the company’s products and services, including the AEOS access control system, are fully compliant with the highest international standards for information security.

Fokko van der Zee, managing director of Nedap Security Management, informed Risk Xtra: “This is the formal confirmation of our ambition to excel at everything we do. A crucial aspect of that, and particularly in today’s market, is being fully compliant with the laws and regulations relating to the security of information. We’ve worked hard to achieve this certification over the last year and will continue to push forward to achieve ever higher standards.”

Filed under Risk Xtra, Uncategorized

Securitas to host inaugural ASIS UK Enterprise Risk Management Northern Seminar

Securitas has been announced as the main sponsor and organiser for the inaugural ASIS UK Enterprise Risk Management Northern Seminar.

The seminar, which will take place at the University of Leeds on Thursday 9 April 2015, will afford delegates an understanding of how organisations can use Enterprise Risk Management to deliver their security and risk-related services.

Speakers on the day will include Neil Gammon (head of physical security at Sky) who will give an insight into managing enterprise risk within a creative media organisation and Dr Kevin Macnish, teaching Fellow at the University of Leeds. Macnish is to deliver a talk on how risk may be managed from an ethical perspective.

Securitas’ Gail Pinkerton, account director on the Workman contract, will present delegates with a Case Study on security risk management within a business environment, duly explaining how Securitas works alongside the property management and building consultancy to minimise and mitigate risk.

Dr Peter Speight CSyP: director of security risk management at Securitas

Speaking about the event, Dr Peter Speight CSyP (director of security risk management at Securitas, an ASIS UK member and recently elected UK Chapter Secretary) told Risk UK: “We’re very much looking forward to this event and we’re delighted that nearly 100 delegates have registered. Enterprise risk management is such a focused area for risk and security professionals. Indeed, the interest in this event has given us the confidence to look into hosting even more in the future.”

ASIS International is one of the leading organisations for security professionals with more than 38,000 members worldwide, all of whom are involved in the protection of people, property and assets.

Founded in 1955, the organisation is dedicated to increasing the effectiveness and productivity of security professionals by developing educational programmes and materials that address broad security interests.

The seminar begins at 1.30 pm and there will be drinks, canapés and networking opportunities from 6.00 pm. Those interested in attending should contact the ASIS UK Office either by telephone (01494 488599) or e-mail: info@asis.org.uk

Securitas awarded ISO 27001:2013 Information Security Management accreditation

Securitas is also pleased to announce it has been awarded the ISO 27001:2013 Information Security Management standard, demonstrating the company’s firm commitment to providing the highest quality of service to its customers.

ISO 27001 is an internationally-recognised certification developed as a Best Practice standard which enables organisations to formalise and verify that risks are properly identified and managed. It also demonstrates to customers and stakeholders alike that the security of their information is taken seriously.

David Barlow of Securitas

David Barlow, business standards and risk manager at Securitas, said: “In 2014, we completed an internal review of the whole of our UK security operations and realised we needed to concentrate on improving our data protection policies if we were to seriously advance in the security solutions aspect of the industry.”

Securitas duly sought the services of UKAS quality and compliance auditing body ALCUMUS, and soon realised that accreditation to ISO 27001:2013 Information Security Management would be required in order to satisfy the needs of both the security services and security solutions sectors.

In June last year, a member of the business standards team was appointed as project manager to concentrate on key areas which included the communications centre, ALCUMUS, environmental Health and Safety, the standards department, screening, finance, the Alarm Response Centre and the Help Desk function.

Following a period of internal and external audits and the creation of the Information Security Management System, all information – either printed or written on paper, stored electronically, transmitted by post or using electronic means, shown on films or spoken in conversation – is now handled and stored in a secure manner.

All assets, either physical or electronic, are also risk assessed and suitable control measures taken to ensure the security of these assets.

Subsequently, the ISO 27001:2013 accreditation has now been awarded in respect of Securitas’ UK operations in Birmingham, Wellingborough, Milton Keynes and Uxbridge.

Barlow concluded: “This accreditation demonstrates to our customers that we take all aspects of IT and data security very seriously indeed. I believe that not only will it be of great benefit in winning new clients but will also help us to retain our existing ones. I’m fully confident Securitas will be reaping the rewards of all this hard work in the months to come.”

Filed under Risk UK News

Cabinet Office minister Francis Maude visits cyber security specialist Advent IM

The Rt Hon Francis Maude MP has visited West Midlands-based cyber security consultancy Advent IM as part of the MP’s remit as the Minister for Cyber Security.

Maude met with Mike Gillespie and Julia McCarron, the co-founders of Advent IM, to find out more about the cyber security work the company delivers as one of the UK’s leading independent information security consultancies, the company’s history, its ethos and the business challenges faced by the organisation as an SME.

Topics for discussion on the day were both wide and varied. Mike Gillespie explained the principles of a holistic and risk-based approach to security and the MP was particularly interested in how this translates into solid governance in business.

Maude was also keen to find out more about threat convergence, how cyber threats can now impact our physical environments and steps that can be taken to mitigate those threats.

The team expanded on Advent IM’s development of cyber security training courses specifically for the police in the areas of SIRO and IAO responsibilities and accountability, general cyber security awareness training opportunities currently being developed and Advent IM’s mentoring approach to consultancy delivery, ensuring the company is seen by those involved as a business enabler.

The Advent IM team members meet Francis Maude MP

The G-Cloud procurement process

Maude and the team discussed the merits of the G-Cloud procurement process and how there’s room to improve the perception that it’s more for technology purchases than consultancy, and how Government is starting to drive the requirement for Best Practice information security and ISO 27001 (more of which anon) through its outsourced service providers.

Changes to the Government Security Classification Scheme and the lack of understanding around its application were touched upon, as were the issues being confronted by local authorities in connecting to PSN and how the latest changes would impact on those either connecting or acting as a provider.

The Cabinet Office Minister also took the time to discuss areas of work with Advent IM staff from the consultancy, marketing and sales teams and the challenges they face when it comes to implementing and promoting cyber security across the UK.

“We greatly appreciate the time Francis Maude has taken to visit us,” said Advent IM’s operations director Julia McCarron. “As cyber security specialists, a number of us have attended events where Mr Maude has been present but we’ve rarely had the opportunity to discuss with him what’s happening in the market or air our views face-to-face. To be singled out and given the chance to discuss our company, the industry and involve all of our staff in that forum was an honour for the team.”

Advent IM's Mike Gillespie talks cyber security with Cabinet Office minister Francis Maude

Holistic security management solutions

Advent IM focuses on holistic security management solutions for information, people and physical assets across both the public and private sectors.

Established in 2002, Advent IM is a Centre of Excellence for security services, promoting the benefits of Best Practice guidelines and standards and the ongoing need to address risk management in order to protect against potential threats.

From offices in the Midlands and London, the company’s consultants work on a nationwide basis and are members of the CESG Listed Advisor Scheme, the Institute of Information Security Professionals, The Security Institute, the Business Continuity Institute and the British Computer Society.

Advent IM consultants are also lead auditors for the international standards on Information Security Management (ISO 27001) and Business Continuity Management (ISO 22301), practitioners of PRINCE2 (a recognised project management methodology widely used within the public sector), CISSP-qualified and also Home Office-trained physical security assessors.

Filed under Risk UK News

Advent IM confirmed as cyber security solution supplier to Her Majesty’s Government

Holistic security consultancy and a member of the Malvern Cyber Security Cluster, Advent IM Ltd has announced its confirmed status as cyber security solution supplier to Her Majesty’s Government.

The announcement follows on from the company’s long-standing and successful supplier relationships with several Government departments.

The cyber certification scheme is administrated by the Department for Business, Innovation and Skills and enables certified cyber security suppliers to Government to be able to publicise the fact. This offers a distinct advantage to those businesses, further enables the Government’s plan to work with more SMEs and also supports the export of UK cyber security expertise.

Speaking about the news, Advent IM director Julia McCarron told Risk UK: “The supply of specialist IA consultancy services to the UK Government is the foundation upon which Advent IM was built and this remains a very important sector for us. As an SME, we value the relationships we have with Her Majesty’s Government’s departments and agencies. Being awarded this status is important for our continued partnership development in this area and we’re delighted that we’ve been recognised as an official cyber security solution provider.”

Advent IM joins other members of the Malvern Cyber Security Cluster who have been recognised for their contribution to UK Government cyber security by being part of this scheme.

Advent IM has announced the company’s confirmed status as a cyber security solution supplier to Her Majesty’s Government

Holistic security management solutions

Advent IM is an independent specialist consultancy focusing on holistic security management solutions for information, people and physical assets across both the public and private sectors.

Established in 2002, Advent IM is a Centre of Excellence for security services, promoting the benefits of Best Practice guidelines and standards and the need to address risk management to protect against potential threats.

From offices in the Midlands and London, Advent IM’s consultants work nationwide and are members of the CESG Listed Advisor Scheme (CLAS), the Institute of Information Security Professionals (IISP), The Security Institute, the Business Continuity Institute and the British Computer Society.

Julia McCarron: director at Advent IM

Advent IM consultants are also lead auditors relating to the international standards for Information Security Management (ISO 27001) and Business Continuity Management (ISO 22301), practitioners of PRINCE2 (a recognised project management methodology widely used within the public sector), CISSP-qualified and Home Office-trained physical security assessors.

Filed under Risk UK News

UK businesses “sleepwalking” into reputational time bomb

According to research conducted by BSI, the business standards company, UK businesses are at risk of sleepwalking into a reputational time bomb due to a lack of awareness on how to protect their data assets. As cyber hackers become more complex and sophisticated in their methods, UK organisations are being urged to strengthen their security systems in order to protect both themselves and consumers.

The BSI survey of IT decision-makers [1] finds that cyber security is a growing concern, with over half (56%) of UK businesses being more concerned about this issue than was the case 12 months ago. Seven-in-10 (70%) attribute this to hackers becoming more skilled and better at targeting businesses.

However, while the majority (98%) of organisations have taken steps to minimise risks to their information security, only 12% are extremely confident about the security measures they have in place to defend against these attacks.

Worryingly, IT directors appear to have accepted the risks posed to their information security, with nine-in-10 (91%) admitting their organisation has been the victim of a cyber attack at some point. Around half have experienced an attempted hack and/or suffered from malware (49% in both instances). Around four-in-ten (42%) have experienced the installation of unauthorised software by trusted insiders, while nearly one third (30%) report having suffered from a loss of confidential information.

Managing risks: key to protecting data assets

Despite confidence in the security measures they have in place, three-in-five (60%) of those organisations surveyed have not provided staff with information security training. Over a third (37%) haven’t installed anti-virus software and only just under half (49%) monitor their users’ access to applications, computers and software.

Conversely, organisations that have implemented ISO 27001 – the international Information Security Management System Standard – are more conscious about potential cyber attacks than those who haven’t (56% versus 12%). As such, 52% of organisations with ISO 27001 already implemented are extremely confident about their level of resilience against the latest methods of cyber hacking.

Maureen Sumner Smith: UK managing director at BSI

“The research reveals that businesses who can identify threats are more aware of them,” said Mike Edwards, information security specialist and tutor at BSI. “Our experience confirms this. We know that organisations with ISO 27001 in place can better identify the threats and vulnerabilities posed to their information security and put in place appropriate controls designed to manage and mitigate risk.”

Consumers looking to organisations that go ‘above and beyond’

As consumers are now spending more and more of their time and money online, so their vulnerability to cyber attacks is increasing. A recent survey [2] showed that nearly half of consumers questioned had suffered from a cyber attack/crime event, yet only 4% have stopped using online services to reduce the risks.

Consumers are looking to companies for protection, who in turn need to safeguard themselves and their customers’ data. However, there’s an inherent lack of trust from consumers on how their data is handled by organisations, with one third of those questioned admitting they don’t trust organisations with their data.

On the other hand, there’s a level of acceptance that nothing online will ever be wholly safe, leading to a false sense of security that: ‘This will not happen to me’ among those who have not suffered from a cyber attack/crime.

Maureen Sumner Smith, UK managing director at BSI, explained: “Consumers want their information to be confidential and not shared or sold. Those who want to be reassured that their data is safe and secure are looking to organisations willing to go the extra mile to protect and look after their data.”

Sumner Smith continued: “Best Practice security frameworks, such as ISO 27001 and easily recognisable consumer icons like the BSI Kitemark for Secure Digital Transactions can help organisations benefit from increased sales, fewer security breaches and protected reputations. Our research shows that the onus is very much on businesses to wake up and take responsibility if they want to continue to be profitable and protect their brand reputations.”

References
[1] Research interviews conducted with 200 IT decision-makers in UK businesses employing between 250 and 1,000 members of staff. Interviews carried out in October 2014 by Vanson Bourne.
[2] Consumer research involving 1,589 UK adults. Conducted in September 2014 by Opinion Matters.

Filed under Risk UK News

Lynn Watts-Plumpkin appointed director and general manager at IQ Verify

The IQ Group – which encompasses Industry Qualifications and the Institute of Administrative Management – has announced the appointment of Lynn Watts-Plumpkin to lead the development of its new certification body entitled IQ Verify.

IQ Verify will specialise in the certification of management systems, products and services, and is in the final stages of UKAS accreditation to ISO 17021 and ISO 17065. This development will allow the IQ Group to provide both individual certification through its awarding organisation as well as organisational certification through IQ Verify. It will be the first multi-sector organisation in the UK with this capability.

Lynn Watts-Plumpkin, whose background includes significant roles at both the NSI and the SSAIB, said: “I’m delighted to be joining the IQ Group at this time, and am excited by the opportunity to lead a new certification body. IQ Verify will be distinct in its offering. The focus will be on standards associated with corporate resilience, the investigations sector and PSC-1 within the security industry. We will also be developing inspection schemes for a number of economic sectors and trade bodies. Announcements will be made over the coming months.”

Lynn Watts-Plumpkin: director and general manager at IQ Verify

Raymond Clarke, CEO of the IQ Group, said: “We’re delighted to have been able to attract a person of Lynn’s experience and ability to IQ Verify at a very important time in its development. We’ve been working towards UKAS accreditation for a year now, and have conducted a range of trial assessments in advance of UKAS approval to positive acclaim.”

Clarke added: “IQ Verify will be operational from Monday 1 December, offering inspections to BS 102000 (Investigative Services), ISO 27001 (Data Security), ISO 31000 (Risk Management) and ISO 22301 (Business Continuity). We will be offering PSC-1 and ISO 9001 from January, by which time we expect to have obtained full UKAS accreditation.”

*For further information on the work of Industry Qualifications visit: http://www.industryqualifications.org.uk/

Filed under Risk UK News