Risk Advisory and IT Audit
Digital Assurance's highly skilled audit team can assist an organisation with risk assessments and security audits in line with the popular tools and methodologies. Our consultants have carried out audits on critical national infrastructure throughout the United Kingdom and Europe, in environments that have a high risk appetite but are also risk-averse. Where a technical assessment may simply be too much of a risk to complete, or does not fit a particular requirement, our consultants will carry out a thorough audit relying on paper-based reviews, interviews and observations.
Risk Assessment
Digital Assurance can conduct audits and risk assessments using all of the most-popular methodologies. Our consultants are professional and experienced in sensitively handling people during the audit process to ensure that the maximum potential can be achieved from the assessment. Using either qualitative or quantitative methods, Digital Assurance will ensure that the major threats and exposures are identified and adequate controls are recommended to effectively mitigate the risk.
Best Practice Advisory
With the introduction of the Sarbanes Oxley Act of 2002 in the United States and the upcoming Company Law Reform Bill currently with the House of Lords, compliance has become a major topic of conversation in the boardroom. It is essential that organisations have confidence in the integrity of their essential systems and data. Digital Assurance can provide audits and advice on whether an organisation are effectively ensuring that their internal systems are adequately complying to the new acts.
ISO/IEC 27001 Gap Analysis
Organisations preparing to undertake the ISO/IEC 27001 certification usually carry out a pre-audit review of their Information Security Management System (ISMS). Digital Assurance can offer consultants who are certified ISO 27001 auditors to conduct an initial review of an organisation's ISMS and its compliance with the standard, producing a report that lists any major and minor non-conformities that will lead to a fail condition during the actual certification.
Business Impact Analysis
A Business Impact Analysis (BIA) is generally used to prioritise risk within an organisation and to properly ensure a Business Continuity Plan (BCP). It involves identifying the critical business functions within an organisation and the impact (in terms of tangible and intangible costs to the business) of it being unavailable for any given time. Commissioning a BIA involves requesting key stakeholders and business managers within an organisation completing a questionnaire and being interviewed. Following collection of the pertinent data, Digital Assurance will produce a report outlining the functions of the business and their priority.