General Security Audit
Sapphire offers a detailed security audit service for organisations that are not necessarily claiming compliance to ISO 27001 at the moment or indeed do not currently have the intention of moving in line with ISO 27001 in the near future but require a general security based audit.
This audit service is provided in order to highlight possible areas for improvement i.e. in order to detect any significant areas of weakness in an organisation which should be considered as a matter of urgency.
This audit is very flexible as it can be tailored specifically to areas of the organisation that are of the most concern at the time i.e. rather than an organisation paying for a full system audit it enables the client to choose which of the sections for best practice security they require a review of and pay only for an audit to be conducted in those areas, (listed below).
- Security Policy
- Organising Information Security
- Asset Management
- Human Resources Security
- Physical and Environmental Security
- Communications and Operations Management
- Access Control
- Systems Acquisition, Development and Maintenance
- Information Security Incident Management
- Business Continuity Management
- Compliance
A full report is produced alongside the completed audit questionnaire detailing the main areas of concern borne out of the review with specific advice and suggestions for the improvement of security within the organisation.
