Services

Off-the-Shelf Services

Hereford InfoSec offers a diverse range of Information Assurance services, representing a one-stop-shop for your IA needs.

Please select a service from the services menu on this page to read more about the comprehensive services we offer our clients.

Bespoke Services

Hereford InfoSec prides itself on its ability to keep pace with advances in business, technology, legislative and regulatory needs.

If you need an IA service which appears not to be provided by Hereford InfoSec then please let us know and we’ll address any gaps in our capabilities as soon as possible!

Governance, Risk & Compliance Management


Governance, risk, and compliance (GRC) directly impact business processes, IT processes, and the associated IT infrastructure. Companies that once focused solely on regulatory compliance requirements, such as PCI, now need to respond to a broader array of GRC-related issues that span technologies, geographies and governments.

GRC is all about driving efficiencies in your organisation, risk management and compliance business processes. HIS can develop an Information Assurance Policy to serve as your organisation’s written commitment to ensuring that any risks identified are addressed as far as reasonably practicable and in compliance with all relevant legislation.

Such policy is fundamental to the success of the myriad of processes and technologies needed to ensure adequate IA, whether driven by management’s own risk handling strategies or strategies mandated by industry regulation, or indeed, national security interests.

Hereford InfoSec has broad experience of the drivers for IA policies and is thus able to support the development of policies in accordance with:

  • ISO27001
  • ISO22301
  • HMG Secure Policy Framework (SPF)
  • UKMoD Defence Manual of Security (JSP440)
  • Financial Conduct Authority cyber requirements
  • Solicitors Regulation Authority cyber requirements
  • PCI DSS

Our CISSP-qualified personnel are able to develop and document the necessary processes for an Information Security Management System within the context of the client culture and security policy. We can then assist with the implementation of the ISMS as well as 1st Party (internal) or 2nd Party (partner) audit, should compliance be sought.

Business Continuity & Disaster Recovery Planning

Whether part of an ISO22301 compliance program, or simply due diligence, Business Continuity Planning (BCP) and Disaster Recovery (DR) are vital facets of day-to-day management of the modern enterprise.

Statistics show that over 80% of companies without a BCP or DR strategy flounder within 2 years of experiencing a significant outage.

Hereford InfoSec can undertake a full Business Impact Analysis (BIA) of your information assets, to ISO22301, and assist in the production of a BCP and DR plan for your business.

We can also aid in the regular exercising of these plans with a view to making related recovery actions second nature to your personnel.

Digital Forensics


Computer and digital equipment is often material to the investigation of crime and needs specialist forensic analysis if remedial action is to be successful.

Not only is the technology associated with this forensic analysis specific to the situation but the processes associated with such investigation must also be undertaken with due regard to legal requirements; whilst companies may not initially consider the need for legal action, preferring administrative action instead, investigation often leads, by necessity, to Law Enforcement involvement.

Hereford InfoSec is able to aid in the lawful seizure of Hi-Tech crime evidence, fully in compliance with the Association of Chief Police Officers’ (ACPO) guidelines, Criminal Procedures Rules, Civil Procedures Rules and Criminal Justice Act, and to undertake investigations and reporting in respect of such crime.

Hereford InfoSec personnel are trained and equipped to undertake analysis of computer hardware, mobile/smart telephones and allied technologies such as digital cameras and media players.

Training

Modern Information and Communications Technology (ICT) has enabled businesses to develop new products and services, and deliver them quickly to market, thus delivering considerable competitive advantage. This advantage comes at a price, however: in order to fully exploit such technology, businesses must ensure that the skills of their own employees match the pace of change of technology.

Hereford InfoSec is able to deliver high-quality Governance, Risk and Compliance related training, either on-site at clients’ premises, or at our Hereford facility. Training capabilities include the full gamut of Hereford InfoSec skills including generic Information Security Management (ISM) awareness and specific InfoSec training (e.g. towards CISSP / CISA qualifications).