In order to determine the cyber security, information security and data protection maturity of a client, H2 will conduct an assessment reviewing existing information security, data protection, technical security controls, processes and procedures to determine their effectiveness and currency.
This review will take on average three to five days for smaller SMEs and up to ten days for larger SMEs.
H2 will provide a written critique of what was discovered during the review, together with a set of recommendations for appropriate changes to controls and an ongoing strategy to ensure the business achieves and maintains conformance to any applicable information security, data protection and cyber security standards or regulations.
In Phase 2, H2 offers to work with a client to implement the Phase 1 recommendations. Typically, H2 will schedule work to fit budgetary constraints and staff availability. This helps ensure the least amount of interruption to the client's daily routines while staying within budget. Tasks can be scheduled over a time frame that is appropriate both to the needs of the business and to the demands of regulatory conformity.
Selection and deployment of appropriate controls is not a tick-box, fire-and-forget process. In collaboration with a client, H2 will ensure that any controls identified will be appropriate to both the assessed risk and business process demands.
Controls may be simple additions to existing business processes that ensure appropriate checks and balances are in place to safeguard and protect information, or they may be technical controls which, once implemented, automatically deliver an ongoing security function. In both instances, regular reviews need to be conducted to determine the effectiveness of the control in the light of any changes to the risk. Where necessary, as a result of these reviews, controls must be updated accordingly.
User or staff education is very important and whilst collaboration with and education of users will be included in the Phase 2 elements of IRAM as a service, it is important to ensure that this education and training continues.
People come and people go, risks change and new processes and controls are deployed. With that comes the responsibility of management to ensure that users are kept up-to-date with the latest changes.
As with Phase 2, H2 are able to provide the necessary education, ongoing management, review and maintenance of information security and data protection on a retainer. If required, H2 will propose a maintenance program, tailored to the size of the business, the number of users and the volume of deployed information systems and mobile computing devices. Typically this will be on a subscription or retainer basis, whereby a work package is agreed per month for delivery over an agreed timeline, for an ongoing monthly fee.
Alternatively, H2 can assist clients to acquire, deploy and manage real-time interactive monitoring of all the critical and important elements of their information security and data protection controls.
If you would like to know more about our range of services here at H2 then please contact us today on 01733 602183 or 01780 678199 or complete our contact form.
We originally engaged H2 to examine our liability under GDPR and devise risk managed policies and processes to ensure we met the requirements. Their Cyber Maturity Assessment is certainly an eye opener and H2's approach, unique in our experience of IT service companies, demonstrated clearly that we had some issues to overcome. They were patient in providing services at our own pace and at price points which we were happy with, and were comfortable working with our current IT provider, enhancing their services and products, and plugging gaps that they do not cover. I have no hesitation in recommending H2 to other companies who need such services.
H2 helped us through every step of the way ensuring our systems were robust and compliant, great job guys. JMR
We invited H2 to make a full assessment of our IT infrastructure and processes and we were very impressed with their overall methodology and approach to the project. We now feel that we have a secure environment and with ongoing support from H2 we couldn't be happier. TD
We thought GDPR could be a serious issue for our business but H2 came in and explained what we needed to do and how we can stay compliant with the law. Bob was extremely helpful and kept everything simple and easy to understand.
We had a very complex requirement and H2 broke it down into its component parts and project managed the entire process, they now offer ongoing support and we would thoroughly recommend them to any prospective customer.