Our team of experienced risk consultants can work with you at each step of your cyber maturity journey. Whether your organisation is at the start of that journey, conducting evaluations and assessments of your assets, or is enhancing an already strong cyber strategy with increased awareness and training, IRM have a wide range of consultancy services to offer.
Our consultants have years of experience with all the complex requirements surrounding areas such as EU GDPR, PCI Data Security Standard, ISO 27001:2013. We help organisations capitalise on digital opportunities whilst meeting compliance standards and mitigating potential risks.
Why choose IRM? We are not tick-box exercise auditors. We understand the threat landscape, risk appetite and bespoke requirements of our organisations to ensure a tailored solution can help them achieve their risk management goals. Learn more about each of our compliance and audit services below.
As the co-author of the award winning Barclaycard Risk Reduction Programme, we are also able to help clients adopt a proportionate and risk based approach to compliance.
With our PCI QSA service, you will get a scoping workshop, pre-assessment and training, gap analysis, a PCI remediation programme plan and a final compliance assessment and report.
With the GDPR consultancy service, you will receive a Privacy Impact Assessment (PIA) to help define any data protection issues, as well as a Business Focused Risk Assessment, allowing you to understand how your personal identifiable information is processed and identify any shortfalls.
Our CPNI Control Assessment will support you in defining a baseline of high-priority technical measures and activities to implement to enhance your organisation’s cyber defence.
With our ISO 27001 consultancy support, you will receive a gap analysis report and scorecard. This will assess where the organisation is aligned with the standard and will highlight the gaps you need to fill in order to fully meet the IS0 27001 requirements.
IRM will review current asset registers, or create unidentified information assets, and give these assets a number of values based on real intelligence and knowledge of your organisation.
As part of the process in discovering your information and data assets, IRM will identify and engage with key personnel to document existing business processes and the assets involved in that process. This in turn will support you in creating and maintaining an Information Asset Register, a key requirement of the GDPR.
All organisations are susceptible to numerous threats and vulnerabilities but very few know where they are susceptible. IRM offers as service to conduct a cyber risk assessment to identify and asset the threats and vulnerabilities.
Our assessment involves determining the potential threat actor’s capabilities, motivation and resources, helping you to gain a comprehensive understanding of your cyber risks.
IRM offer a managed service to provide a comprehensive assessment of your third parties and the potential risks they contribute to your business operation.
We will design a third party management programme designed to your requirements including security questionnaires and ongoing assurance activities, supported by the use of our SYNERGi GRC platform.
Your business runs a wide range of risk assessments and closely monitors operational risk, yet there is often a lack of consideration for information security. We have all seen the media coverage of high, negative impact breaches – so why aren’t cyber risks reflected on the corporate risk register?
Identifying your data assets, valuing them, assessing the threat and applying a pragmatic risk reduction strategy are fundamental steps to be able to defend them appropriately. Read more about each of our risk management services below.
The COVID-19 pandemic will continue to impact businesses, so it has never been more important to ensure you have a concrete business continuity plan in place. This plan should aim to protect your people, your processes and your information. Cybersecurity and information security are likely to be at higher risk during a pandemic, but IRM consultants can work with your organisation to help you define and mitigate these risks.
Understand, articulate and establish your organisation’s Cyber Risk Appetite. IRM’s cyber risk appetite service is an evolutionary process that ensures proportionate cyber risk management sits at the heart of your business and aligns with your strategy.
You will receive an appetite statement, a cyber risk register to clearly define your risk limits, and a remediation plan to offer expert recommendations on how to re-align your current cyber risk posture.
Understanding, assessing and quantifying these risks is the first step towards eliminating them. Our cybersecurity risk assessment works with your key stakeholders to understand exactly which information assets should be assessed within your organisation, before investigating, identifying and analysing the vulnerabilities existing within and around them.
You will receive a risk assessment report, a cyber risk register and a treatment plan which sets out recommendations for how to re-align your current cyber risk posture to manage new risks.
Our cloud computing risk assessment provides a rational analysis of your cloud security posture and responsibilities, defined by the cloud provider service and the changing needs of your organisation.
You will receive an extensive cloud risk assessment report and a treatment plan on how to re-align your current risk posture based on the findings of the assessment.
IRM’s third party assessment service has been created to help your organisation to benchmark your entire third party establishment. Used in collaboration with the Vendor Management module within SYNERGi, IRM is able to cost-effectively assess and implement proportionate and responsible due diligence processes and protocols based on varying levels of risk.
You will receive a risk assessment report about the third party risks in your organisation, a third party risk register and a risk treatment plan.
The IRM framework is designed to provide guidance and confidence to the Board of Directors with regards to risk management, compliance and information security teams. Each business stakeholder receives contextualised and actionable cyber risk intelligence in order to support proper notification and escalation procedures – ensuring any issues are swiftly resolved.
You will receive a framework tailored to the operation and needs of your organisation and you will gain access to SYNERGi, our GRC SaaS solution which provides real-time reports and dashboards to support your risk requirements.