Deep Expertise

Deep security expertise: we understand attackers and how to defend against them

Risk Prioritised

Risk-based objective evaluation of your controls, procedures and goals

Actionable Intelligence

Develop actionable insight and plans to guide your business

Controls and Regulatory Compliance

Our Controls and Compliance portfolio is designed to go beyond helping organisations check a compliance box or follow a standard approach to framework alignment. Our consultants assess and guide remediation of compliance gaps and ensure that your organisation focuses its controls, time and budget on the areas that add the most value or reduce the most risk. Consequently, your organisation not only meets regulations but exceeds them, simplifying management and control processes and minimising deviations and redundancies.

Business Value

  • Examines the organisation's unique environment, architecture, operations, culture and threat landscape against industry standard frameworks
  • Aligns compliance to organisational risk and incorporates business processes
  • Measures progress against mandates and achieves compliance standards
  • Roadmaps areas for improvement and defines corrective action
  • Implements best practices and consistent execution of your compliance program
  • Justifies increased security investment and shows measurable success to Executive Management and the Board

Our Approach

When embarking on a compliance review we assess every aspect of your organisation's people, processes and technology as it relates to the program under review. We examine your current processes and technologies and consider ways in which security can be enhanced to support the objectives of the business. During the review, we employ a risk-based approach to assess the current security framework and security posture of the organisation.

Our review framework is based on the control frameworks found in ISO, COBIT and NIST. We begin by understanding how your organisation determines its risk tolerance. Is it based on maintaining regulatory compliance, on privacy and security risks, or on industry and/or competitive pressures? Because security motivating factors and values differ greatly between organisations, it is important that we understand the risk tolerance drivers.

Next we interview select individuals and review appropriate documentation. Throughout the review we develop an understanding of the security management configuration, including security responsibilities, security governance, security policies, security controls, security operations, security monitoring and response procedures.

We develop detailed documentation including a maturity assessment, gap analysis, tactical and strategic recommendations and a detailed roadmap:

  • Executive Summary
  • Maturity Assessment
  • Gap Analysis
  • Actionable Plan
  • Detailed Roadmap

Request More Information

Our ISO/IEC 27001 Compliance Services

Our ISO 27001 Gap Analysis is designed to help organisations review and evaluate the maturity, effectiveness and efficiency of their existing security program. Based on the Carnegie Mellon University’s CMMI framework for process improvement and leveraging the ISO 27001 security model, we can provide a baseline security assessment that helps your organisation identify gaps and areas for improvement.

This assessment will help you by:

  • Assessing the maturity of your current security program and identifying areas for improvement
  • Understanding your organisation's risk exposure
  • Developing a roadmap for project investments and organisational change initiatives
  • Collecting information to benchmark against other organisations
  • Validating that your security investments have improved your security posture

Our ISO 27001 Security Risk Assessment serves as the foundation for a strategic approach to compliance while helping to create an effective long-term risk management program. It helps you meet compliance obligations by prioritising both risk identification and risk mitigation for your key assets and systems, policies, procedures and controls.

This assessment will help meet compliance requirements across industries. In particular:

  • Understand your risk posture and create a risk baseline for compliance
  • Identify emerging threats
  • Review the effectiveness of controls
  • Guide decisions on ROI, budget allocation, control selection and resource efficiency
  • Develop an information asset register
  • Create a Risk Treatment Plan (RTP) that outlines how the organisation will control the impact associated with each risk: the organisation must accept, avoid, transfer or reduce the risk to an acceptable level using risk-mitigating controls
  • Produce a Statement of Applicability (SOA)

For the controls adopted, as recorded in the SOA, the organisation needs policy statements or detailed procedure and responsibility documents that identify user roles, so that policies and procedures are implemented consistently and effectively. Documentation of policies and procedures is a requirement of ISO/IEC 27001. The list of applicable policies and procedures depends on the organisation's structure, locations and assets.

Although policies, standards and procedures are the most basic elements of any ISMS, they are often among the most complex to implement effectively.

Our ISO 27001 Policy and Documentation Support Program helps companies build the Policy, Standards, Procedures and Guidelines (PSPG) needed for the ISO 27001 framework.

Our consulting team conducts an internal audit against the ISO 27001 standard and develops a corrective action report for the closure of the audit findings. We conclude with a confirmation of organisational readiness for the external ISO 27001 certification audit.

Our experts identify and select an external certification body, co-ordinate with certification auditors, as well as assist in the certification audit by providing all required documents and evidence for the auditor. We also provide full support to maintain your ISMS performance.