Practical, Cost Effective and award-winning

Business Continuity, Crisis Management & Information Security Solutions

Phone:

0800 035 1231 (Mon to Fri 9am – 5pm)

36B Market Street, New Mills

Derbyshire, SK22 4AA, United Kingdom

Information Security Risk Evaluation Case Study

The client is a leading provider of fulfilment, mailing and handling services for a wide range of blue chip clients, operating a site in the East of England, with a workforce of over 150 employees. They already held ISO 9001, ISO 14001 and ISO 27001, and we had assisted with their certification to ISO 22301.

The Problem

The client had a well-established information security management system (ISMS), but were finding it difficult to operate and maintain the risk register. This register was a collection of over a dozen spreadsheets and was asset-based, which made it too complex for the staff to manage without consultancy support, particularly given the small size of the organisation.

The Solution

Cambridge Risk Solutions adopted a simpler and more pragmatic approach to the risk assessment, considering the risk to business processes. The risk register that had been devised for business continuity was updated to include information security aspects, identifying the nature of each risk and enabling the organisation to understand where a risk could impact more than one management system. The risk register was also updated to enable quality and environment risks to be added as the client moved towards updating their existing documentation in line with updated standards.

For each risk, risk treatments were identified where possible, and risk owners were assigned. Additionally, risk controls were identified and the Statement of Applicability updated accordingly. Senior Management signed off acceptance of outstanding risks that needed to be tolerated, whether due to complexity, costs or just the very nature of the risk.

Cambridge Risk Solutions updated all Management System documentation to reflect the changes in the risk assessment and risk treatment processes, and gave training to the information security manager to ensure that the organisation had the competency to be able to take ownership of the process and documentation.

The Benefits

There were a number of benefits for the client:

  • A single risk process and methodology that could be expanded out to other Management Systems;
  • Greater standardisation of scoring risks due to the use of the same methodology and scales, thus enabling a better understanding of the risk landscape; and
  • A simpler risk process that gave the client greater ownership of their risk process.
