Secaudit offers services to organisations that wish to take a formal view of their information security infrastructure. There is increasing pressure on organisations to protect their data assets from accidental or deliberate damage. Secaudit's formal approach to policy creation, risk analysis, writing security standards and awareness education not only provides its clients with real protection, it also satisfies that organisation's customers, suppliers and auditors that the organisation is responsible.

Increasingly UK and European organisations are facing mandatory requirements to ensure information that they hold is protected in terms of confidentiality, integrity, availability and accountability. These legal requirements are often complex and involve departments who have little or no security experience. Secaudit offer training and assistance to departments who require specialist training in their own area such as Human Resources or Systems Development

Security Policies

A Security Policy is the most important document within any organisation's Information Security infrastructure. Its purpose is to state unequivocally the intention of the senior management to secure their business. Secaudit will work with appointed individuals within the organisation to produce a relevant policy from which all-subsequent security work will stem.

A central security policy is the document that usually changes an organisation's perspective of information security from a purely technical problem to a business problem that can be fairly simply be overcome by policies, standards and education.

Risk Management

Types of event that prevent an organisation from continuing normal operations are numerous and varied. A flood or a fire can have devastating affects on an operation, but specific IT related disasters such as a computer malfunction or information confidentiality leak can be equally catastrophic.

The management of the organisation have a responsibility to identify areas of risk to their business and put appropriate countermeasures in place to reduce their exposure. Secaudit can assist an organisation identify and substantiate the worth of their assets, the identification and level of current threat, and reasonable steps to be taken to reduce the risk. This results in a marked reduction of incidents, lower impact of any incidents that do still occur, and a quicker recovery time at minimum cost.

Secure Architecture

With Internet-based applications and information increasingly critical to an organisation, the potential damage from a security breach becomes ever greater. With the threats to business growing as fast as information systems themselves, IT Projects should be designed with security in mind.

Historically organisations have attempted to achieve IT security by the purchase of technical solutions such as anti-virus software, firewalls and intrusion detection systems. These solutions may well be part of achieving a secure environment, but are more often than not, a false assurance. Secaudit can advise, or design, secure solutions to IT projects. Recent work has included design of a complex web portal and overseeing the launch of remote working for a large UK workforce.

Security Training

Education of all employees is an essential part of any organisations security efforts, indeed many security incidents are first noticed by employees suspicions. It is important that staff are aware of what constitutes suspicious behaviour and how to report it discreetly.

Secaudit use create bespoke training packages to help IT users understand what their organisations security policy is, what that means to them and how to play an active part in the safeguarding of assets.