In the past, risk management was used primarily in finance. Today it has evolved and applies to every aspect of an organization's operations. Managing your operational and IT risk gives you an advantage over your competitors, allowing you to make rational decisions when faced with uncertainty. Whatever your driver, whether you are looking to implement an ISMS (Information Security Management System) and ultimately become ISO 27001 certified, or whether you just want to be prepared, Fireloft can help.
Fireloft can handle all aspects of your risk management program following ISO 27005 or the NIST SP 800 series (SP 800-30 for risk assessment and SP 800-39 for risk management).
Your consultant will work with you and your stakeholders to gather information on the purpose, criteria, and scope of the risk management activities, including defining the risk acceptance criteria based on the organization's risk appetite.
We will identify all of the organization's primary and supporting assets within the scope defined in the context establishment phase of the project. A qualitative risk assessment will then be performed on those assets, valuing the impact of a loss of confidentiality, integrity, or availability for each one and combining it with the likelihood of the threats that could cause that loss.
Working with you and your stakeholders, your consultant will help select the appropriate treatment for each risk: reduce it by implementing controls, retain it, avoid it, or transfer (share) it.
Each risk will be evaluated against the risk acceptance criteria to produce a prioritized risk list with its treatment options.
We will provide an executive summary for your C-level stakeholders and a detailed risk register report for your security and risk teams.
We can return to monitor and review the implemented mitigating controls, confirming that they operate as planned and that the calculated residual risk level is still accurate.
ISO 27001 is an internationally recognized standard that specifies the requirements for implementing and maintaining an Information Security Management System (ISMS). Your ISMS is the systematic framework for managing your organization's confidential information so that it remains available and secure. It covers people, processes, and IT systems, and is driven by a risk management process such as the one described in ISO 27005.
Whether you are a certified ISO 27001 organization, or just thinking about becoming certified, Fireloft can help you with one of our many service offerings:
We can take your organization from certification against ISO 27001:2005 to the 2013 revision of the standard.
As part of this service, we will analyze your organization's ISMS (Information Security Management System) and identify any gaps that could prevent certification.
Our services range from a simple one-time risk assessment all the way to implementing and managing your organization's Risk Management Program.
Internal audits are another mandatory requirement of ISO 27001 (clause 9.2 of the 2013 revision); we can perform an internal audit of your already established Information Security Management System (ISMS).
Regularly scheduled vulnerability scans of your internal network help identify weaknesses before an attacker does, and provide evidence for the technical vulnerability management control in ISO 27001.
Our training courses teach your employees about appropriate system use, security requirements, and user responsibilities when handling confidential data. We can also build a custom course on the security topic of your choosing.
Whether you are trying to build trust with your clients or to stand out from your competition, having a SOC report available is a vital tool in your compliance arsenal.
Fireloft can help you prepare for and complete your SOC 1 or SOC 2 audit with no identified weaknesses in your controls.
We will spend time with you to discuss your requirements and define the appropriate scope of your audit.
We will provide you with our system description questionnaire and a request list of the contacts we need for your business processes.
We will work with your identified asset and process owners to gather the required information about your system's controls, and evaluate their effectiveness against the control objectives.
We will provide a complete readiness assessment report listing all identified gaps and weaknesses in your service organization's system, along with recommendations on how best to implement controls that close them.