Risk Management and Compliance Service

Discover Our Expertise

Effective cyber resilience is more than a tick-box exercise: security is an ongoing practice, and it needs an effective governance structure behind it.


While many firms claim to adhere to a recognised framework – ISO27001, PCI DSS, NIST, Cyber Essentials – in reality you need to blend a variety of these concepts to deliver policies, standards and processes that are unique to your business.


Our team will work with your key stakeholders to create a governance programme that drives cyber security and information assurance behaviours throughout your business, promoting good practice and achieving more than the sum of the parts.


We help you implement globally accepted control frameworks such as ISO 27001 and PCI DSS. Implementing any of these frameworks requires a systematic approach: analysing the key risk areas, identifying and documenting the controls, and then monitoring and measuring compliance.


We offer the following services as part of the Risk Management and Compliance service suite:

  • ISO/IEC 27001 Information Security Standard

  • PCI DSS - Payment Card Industry Data Security Standard

If you would like to talk to us about our services, or how we can help you secure your organisation 

Our ISO/IEC 27001 Service Offering

The ISO 27001 Information Security Standard provides a structured framework for the implementation of an Information Security Management System (ISMS) within your organisation.


We provide ISO 27001 compliance and pre-certification audit services.


Our team consists of experienced ISO 27001-certified lead auditors and implementation experts with the right blend of technical and business-process know-how, providing a balanced approach to the entire exercise.


Our ISO 27001 compliance approach starts with a risk assessment exercise comprising the following activities:

  • Review information security policy and security architecture to advise on and agree scope of the Information Security Management System (ISMS)

  • Agree on Statement of Applicability (SoA)

  • Review controls (interview, observation, inspection)

  • Information security management status report and findings

  • Final report with recommendations for improvement and options for implementation of ISO 27001

  • Implement the recommendations to bridge the identified gaps


Our PCI DSS Service Offering

The Payment Card Industry (PCI) consists of all the organisations which store, process and transmit cardholder data. PCI covers debit, credit, prepaid, e-purse, ATM and POS cards and the associated businesses.


The PCI Data Security Standard (DSS) is jointly released by the card companies and is aimed at protecting cardholder data. The standard requires members, merchants and service providers using credit card facilities to carry out regular PCI scans and PCI security audits after achieving compliance.


PCI DSS version 3.2 comprises six control objectives, which in turn contain twelve specific controls, as outlined below:


  • Build and Maintain a Secure Network and Systems
    1. Install and maintain a firewall configuration to protect cardholder data
    2. Do not use vendor-supplied defaults for system passwords and other security parameters

  • Protect Cardholder Data
    3. Protect stored cardholder data
    4. Encrypt transmission of cardholder data across open, public networks

  • Maintain a Vulnerability Management Program
    5. Protect all systems against malware and regularly update anti-virus software or programs
    6. Develop and maintain secure systems and applications

  • Implement Strong Access Control Measures
    7. Restrict access to cardholder data by business need to know
    8. Identify and authenticate access to system components
    9. Restrict physical access to cardholder data

  • Regularly Monitor and Test Networks
    10. Track and monitor all access to network resources and cardholder data
    11. Regularly test security systems and processes

  • Maintain an Information Security Policy
    12. Maintain a policy that addresses information security for all personnel

We provide complete PCI DSS consultancy services, from planning, design and implementation through to accreditation, including PCI DSS Qualified Security Assessor (QSA) services.

If you would like to talk to us about our services, or how we can help your organisation

Tel: +44 (0) 020 8242 4756
Email: enquiry@icyberdefence.com

iCyberDefence Limited
20 Eastbourne Terrace,
London W2 6LG, UK

©2018 by iCyberDefence, a brand registered under iCyberDefence Limited, registered in England and Wales, 10980510

Registered Office: 27 Old Gloucester Street, London, WC1N 3AX