
Services

Accredited Audit & Assessments

CentriVault offers a full suite of services linked to accreditation audits and assessments. Our aim is to give you peace of mind that all of your security and compliance auditing needs are met, whether that means maintaining your ISMS or achieving certification for a contract.

Our audit and assessment services can be delivered standalone or, for better value, as part of a managed service. Our focus is on the following certifications:

  • ISO 27001

  • ISO 22301

  • SOC2

  • NHS Data Security and Protection Toolkit

  • Cyber Essentials and Cyber Essentials Plus

  • CyberSure and CyberSure Supplier

Our services are delivered by certified auditors and can include:

  • Pre-audit and during-audit support, preparation and assessment

  • Gap analysis and regular monitoring

  • Internal auditing

  • Management review support

  • Supplier assurance

Start by booking a discovery call with our team


Here's Our Service Summary


Key Challenges Addressed

Many customers and government bodies require organisations to demonstrate levels of certification and compliance in order to become a supplier.

Regulatory requirements also mean that organisations need to maintain audits and undertake internal assessments in order to demonstrate legal compliance.

This can be a significant drain on resources, consume time that is not available and come at a significant cost. However, these are must-do requirements, so the challenge is finding the most cost-effective way to deliver them.

In addition, maintaining and monitoring compliance with certifications can become a full-time task for most organisations: getting the certification is one thing; keeping it is another.

A service that significantly improves the chances of a successful audit visit, brings the know-how to achieve compliance and provides the resources to maintain it is therefore both important and valuable, and that is what CentriVault offers.

How it Works

  • Contact our solutioning team using the form below and we will respond within 24 working hours

  • We will outline a scope with you to discuss what audits or assessments you require and for when

  • We undertake a gap analysis against the agreed scope to produce a final costed proposal

  • We deliver either as part of a Managed Security Service Package (MSSP) or as a single workstream

  • We introduce you to the qualified team members who will work on your account

  • We work with your team on a project basis, with regular update meetings on progress, before delivering the findings and/or achieving the certification

  • What is a MSSP?
    A Managed Security Service Provider (MSSP) provides outsourced monitoring and management of security devices and systems. As a third-party MSSP, we can help alleviate the strain on IT teams and free up crucial time the organisation needs to support and expand operations. Our hybrid approach brings in the wider Vault UK Group, so you have access to a wider range of connected and integrated services that ultimately support your security and privacy.
  • What types of cyber security support can you offer?
    Our services are wide-ranging and can be delivered as a single workstream or, for better value, within a managed package. Typically we support areas such as network and cloud security, endpoint security, zero trust, mobile and IoT security, and all forms of testing, e.g. application or web vulnerability testing. Our aim is to help maintain the confidentiality, integrity and availability of your organisation's information assets. Please contact our solutioning team to discuss your cyber security needs.
  • I know we need to do cyber security, but I have no idea where to start?
    That is absolutely fine... it's why we exist! The first thing to do is contact us to outline your requirements, e.g. a customer is requiring something of you, you need to achieve certification for a job, or you are worried about suffering a cyber attack. A typical approach is:
    1) Contact us with your requirements
    2) We'll help identify services and solutions which can help
    3) If needed, our Client Solutioning team will perform a gap analysis to ensure what we are providing best meets your needs
    4) We deliver the services you need and help you efficiently manage them
    With us managing the services on your behalf, you can stop worrying and focus on driving your organisation forward.
  • What is an ISMS?
    An Information Security Management System (ISMS) is a systematic approach consisting of processes, technology and people that helps you protect and manage your organisation's information through effective risk management. Fundamental to certifications like ISO 27001, an effective ISMS focuses on protecting three key aspects of information:
    Confidentiality: The information is not available or disclosed to unauthorised people, entities or processes.
    Integrity: The information is complete and accurate, and protected from corruption.
    Availability: The information is accessible and usable by authorised users.
  • How do I achieve full compliance with GDPR?
    There are currently 99 Articles across 11 chapters in GDPR that organisations need to ensure they comply with. This can be a challenging task, as you also need to take into account GDPR's 7 principles, such as storage limitation and data minimisation. Another key principle is accountability. Undertaking the ICO's accountability framework review will help establish your gaps and the work you need to implement to meet what is required by law and, ultimately, achieve compliance. Rather than risk any fines, our privacy experts can assist you with this challenge and work to ensure you achieve full compliance. We can also provide you with a virtual Data Protection Officer should you require one under Article 37.
  • What kinds of data need greater protection?
    Under the GDPR, some kinds of personal data are deemed especially sensitive and are classified as "special category" data. This covers ethnic or racial origin, religious and political beliefs, genetic and biometric data, and health data, among other areas. Organisations processing this kind of information should give serious consideration to how and why the data is used and ensure that it is only used when necessary. Organisations must also safeguard business-critical data that could be exploited, and must record an additional legal basis for processing any special category data.
  • What is the best way to secure personal data?
    One effective measure we advise for keeping data secure is encryption. Once applied, encryption scrambles the contents of a message or file so that no one can read the personal data without authorisation. An encrypted file or message can be shared or sent much more securely, reducing the risk of an unforeseen data breach and a potential fine. The ICO recognises the use of data encryption as evidence that an organisation has taken sufficient measures to secure data.
  • What happens during an ISO 27001 audit?
    There are 2 stages in an external ISO 27001 audit: Stage 1 is a documentation review of your ISMS to see if it is suitable for certification, and Stage 2 is the formal certification audit to see if you are recommended for accreditation. The audit is performed against clauses 4-10 of the ISO 27001 standard and the controls within Annex A. An ISO 27001 audit involves a competent auditor reviewing:
    The ISMS, or elements of it, and testing that it meets the standard's requirements, e.g. the clauses
    The organisation's own information requirements and objectives for the ISMS
    That the policies, processes and other controls are practical and efficient
    In addition to the overall compliance and effectiveness of the ISMS, because ISO 27001 is designed to enable any organisation to manage its information security risks effectively, the audit will also check that the implemented controls reduce risk to a point where the risk owner(s) are happy to tolerate the residual risk. We can assist by preparing you, performing an internal audit and/or supporting you on the audit days as an effective extension of your team.
  • What happens during a CyberSure audit?
    CyberSure provides a rating of 1-5 based on your data security health and competence. The audit reviews your organisation's security position across your cybersecurity systems and behaviours, as well as your data security standards. It is always the organisation's responsibility to comply with data protection regulations at all times. Over the agreed days, the audit will assess:
    How secure your behaviours are
    How secure data is whilst being stored and processed
    How secure your network and devices are
    The current processes and policies in place regarding cybersecurity
    How vulnerable you are to the current cyber threat landscape
    The level of cyber readiness of your organisation
    How robust and resilient you are against common cyber attacks
    The audit takes into account existing certifications such as Cyber Essentials, so it is always beneficial to have these. If you need assistance with implementing CyberSure across your supply chain, please contact our solutioning team today.
  • What happens during a Cyber Essentials Plus audit?
    Cyber Essentials Plus is the advanced variation of the Cyber Essentials certification. In this certification process an assessor from an IASME Cyber Certification Body, like ourselves, will conduct an audit of your systems. You are first required to pass Cyber Essentials, and then you can apply for the Plus audit. The audit involves verifying the details on the self-assessment questionnaire, which includes undertaking the following:
    Internal vulnerability assessment
    External vulnerability assessment
    User access controls test
    Browser download test
    Email test
  • How long are the training modules?
    Our approach is to use bite-size modules of 1-3 mins on average. We know that retention is maximised this way, and it also allows self-study users to fit learning around their busy schedule without having to pick up a long, detailed training course again when they return from a break.
  • What kind of training modules do you have?
    CentriVault Training offers several of the accredited CS-AT modules:
    CS-AT Module 1 – Information Security Fundamentals
    CS-AT Module 2 – Securing Your Business (Cyber Essentials)
    CS-AT Module 3 – Information Security Auditing (Cyber Essentials & ISO 27001)
    CS-AT Module 4 – GDPR Foundation and Implementation
    CS-AT Module 5 – Incident Response Planning & Management (ISO 27035)
    CS-AT Module 6 – Information Security Staff Awareness
    There are other bite-size courses we can supply; if you have any specific needs, please contact training@centrivault.com.
  • How do you test to see if people have retained information you trained them on?
    This is a multi-step approach. We first test during the courses, after each module, to see if the user has taken in the key points of that section. We also have an exam at the end of any accredited CS-AT course. For managed service customers, we also run regular simulation checks, such as simulated phishing emails, to see if team members are actively applying the knowledge they have learned and, if needed, to target those who need further training. We also run mystery insight tests, in which independent researchers test agreed scenarios to see whether team members are following the processes they have learned. To find out more about our managed service packages, use the contact form on this page.
  • We already have some of what Vault Protect offers so would it still be useful?
    Simple answer: yes! Vault Protect is a hybrid managed security package that is made to fit around your current requirements. If, for instance, you already have the threat management side covered, then during our gap analysis assessment we will identify the areas of Vault Protect that you would benefit from and integrate them with your current setup. Our approach is to design defence-in-depth strategies, and Vault Protect can be used to ensure any of your gaps are covered and your organisation is actively protected from daily cyber threats. Contact us to begin the journey of seeing how Vault Protect can benefit you today.
  • What is Vault Protect?
    Vault Protect is our managed security services package (MSSP), designed to help keep your organisation protected from cyber threats. It covers a comprehensive range of services spanning prevention, detection, analysis and response. It utilises a hybrid of our own unique services and expertise and our partners' industry-leading solutions. You select the services and solutions you need, and we integrate the package into your organisation. Our core solutions cover Risk Assessment, Threat Management, Digital Forensics and Incident Response. Contact our solutioning team to see how Vault Protect can support you today.
  • Why do you use PDCA?
    Plan, Do, Check, Act (PDCA) is a continual improvement methodology that breaks work down into stages and ensures each one is implemented effectively. It was used as the basis for the first iterations of ISO 27001 as the model for continuous improvement and as a way to ensure an information security management system has been implemented and is maintained effectively. That is our approach for Vault Protect too.

Take the First Step

The next step is to add your contact details below so our engagement team can discuss your priorities with you and understand the scope.
