The purpose of the review is to provide senior management with an informed view of the current organisational risk and exposure relating to IT.

Everslea’s approach to IT business consultancy is to use ISO and other standards as a benchmark to measure organisational risk and security posture and provide gap analysis and recommendations to align with best practise and ISO guidelines. For Information Security, Everslean employ ISO27001 and the Government’s Cyber Essentials initiative, as appropriate, to provide this baseline.

The output from the review is to provide a report which is used to discuss the current InfoSec position and to provide indicative, qualitative scores in required formats (such as traffic light or heat maps) showing those areas that are the highest risks and need most focus. The review is conducted using a senior Information Security consultant backed by a team of industry experts to assure the quality and accuracy of the review.

Scope of Review

External Communication & Data Policies
Current Cloud IT exposure
Security of Data on the Move
Security of Data at rest
Perimeter security policies and processes
Corporate Security exposure from home or remote workers
Internal Security policies and procedures for guests and members
Internal Data Governance policies and procedures
Business Continuity & Disaster recovery planning and capability
Review existing InfoSec IT system policies & controls
- Passwords
- Access Controls
- Anti Virus / Spam / Malware
- Patch Management
- Vulnerability Management
- Penetration Testing
- Administration controls
- Starters, Movers & Leavers controls