Governance, Risk, and Compliance

Governance, Compliance and Risk are at the top of most boards' agendas. Vistorm has 12 years of experience in helping organisations to assure their information to ensure compliance and mitigate risk. Find out more about our unique approach.
Information Assurance

Vistorm's Delivery Methodology

Risk Management

Risk Assessments

An effective approach to Information Risk Management requires a deep understanding of the complex interactions between people, processes, technologies and environment. Vistorm’s Risk Management Practice has a pool of experts with a strong track record of providing solutions in this area.

Our people are professionals who bring considerable information security and systems architecture experience - plus strong strategy, policy and high-level design skills, underpinned with broad technical ability.

Our Solutions Architects work closely with our expert colleagues in the Security Integration and Infrastructure Services practices, and are accustomed to handling large, complex projects in partnership with systems integrators.

CLAS Consulting Risk Management Accreditation Document Sets (RMADS)

Our CLAS consultants have comprehensive and extensive experience of delivering IS/ICT risk-based assessments using either the Residual Risk based method or the newer Technical Risk Assessment (TRA) based method. The TRA standard is HMG's approved risk assessment and risk treatment method and is applicable at all levels of business impact across all industries and sectors in the private sector as well as national and local government. Our CLAS consultants are experienced in delivering accredited solutions.

ISO 27001 Gap Analysis

This is a consultancy service for organisations that want to measure current corporate information security practice against the accepted ISO 27001 best practice standards. It is relevant to organisations that are either embarking on a formal certification strategy or want to baseline current corporate information security controls and practices against a well-known standard and produce a prioritised gap analysis of controls. We can assist in the development and implementation of missing policies, including development of acceptable use policy and awareness training materials, as well as assisting in the resolution of other related governance issues such as Sarbanes-Oxley and FSA regulations.

PCI Compliance Programme

This is a consultant-led service for any organisation that collects or processes credit card transactions. Typical PCI clients are in the retail, finance and travel industries. PCI compliance to the Data Security Standard (DSS) is mandatory for all sizes of organisation. Vistorm helps business managers as well as IT application and infrastructure owners understand the scale and scope of their current DSS data security needs. Improvement plans and options that will meet the DSS are then identified and evaluated, and, optionally, remedial data protection projects are implemented.

Solutions

For more information about our tried and tested solutions visit Solutions

System Integrator Clients

Vistorm works with clients such as EDS and Cable & Wireless in the Systems Integrator Sector. Find out about our other clients by sector (446 KB, PDF)

Institute of Information Security Professionals

Vistorm is a member of the Institute of Information Security Professionals. To find out how you can get more out of the Institute, visit www.instisp.org.