Across organisations, motivations for compliance and audit assessments vary depending on whether they are regulatory or contractual. Drawing on more than 20 years of expertise, Portcullis is familiar with all information security and data protection standards, both commonplace and unusual. While our consultants work most frequently with ISO 27001:2013 and PCI DSS, their knowledge extends far further.
Portcullis applies a range of methods, including interview, inspection, audit and technical assessment, to ascertain the position of the client’s organisation in relation to industry standards. The use of multiple assessment methods ensures that the information we provide at the conclusion of the engagement is a valid and accurate representation of the client organisation’s position.
With the strategy, scope and gap analysis defined, our focus then shifts to implementing the solutions under discussion, allowing your organisation to become compliant or certified in accordance with industry standards, depending on the requirements of the project. To this end, our consultancy team is flexible and can be engaged for individual projects or as a longer-term, strategic partner.
In addition to supporting organisations in becoming industry compliant or certified, Portcullis offers ongoing support, which is invaluable in freeing up and relieving pressure on internal resources. This can be achieved in a number of ways, including performing the internal audit functions, user awareness education and management of the security review and approval process for third-party suppliers.