Create and maintain a risk-driven approach to your cyber security

Attain your cyber regulatory and certification objectives

Demonstrable evidence that you're safeguarding customer and supplier data

Businesses are under increasing pressure to negate the risks of operating in an aggressive digital economy. We ask the right questions to get you thinking about your cyber security stance, your responsibility and, most importantly, how to initiate an effective response.

But CORVID’s expertise doesn’t stop there.

Our team benefits from a wealth of experience, skills and insight to help our customers with an abundance of business challenges, transferring their knowledge to help you achieve your cyber goals in the most efficient, agile, and cost-effective way.

Information assurance – governance, cyber security, risk assessment, risk management, compliance and accreditations (e.g. GDPR, ISO 27001, MOD accreditation, Cyber Essentials, and List X)

Technical – system architecture and security design

Engineering – design consultancy and validation

Gap analysis – assess requirements, document current security posture, and design an action plan

Independent and impartial review

Comprehensive cyber knowledge

Assist with compliance

Fully qualified expertise

Identify your level of cyber maturity

Understanding the technical and regulatory challenges of cyber security can be daunting. How does an organisation know:

its data is protected?
its systems are configured correctly?
its incident response plans are robust and fit for purpose?
it is meeting all of its regulatory requirements?

These are just a few of the challenges our Consultancy Service can help your business overcome. Use our checklist to ascertain your business’ current level of cyber maturity.

Cyber maturity checklist

Documented cyber security strategy
Gained stakeholders’ endorsement
Effective information risk management framework
Mature risk reporting framework
Comprehensive security risk assessment
Verified secure architecture
Undertaken technical security testing
Tested your incident response plan/process
Achieved legal and regulatory compliance
Validated security spend by robust risk management

Risk assessment

This iterative process is vital for any organisation in understanding the impact cyber attacks can have on its business activities. Businesses must identify and value their assets, quantify the threat to them, and manage vulnerabilities in their systems. This information needs to be formulated into focused risk statements, which are prioritised and mitigated by applying appropriate controls. There is no one correct method for assessing risk, so businesses should choose the most appropriate way that fits with how they do business. Following prioritisation, an assessment is then made on the effectiveness of the controls against the level of risk, and the risk owner judges if any further action is necessary.

The threat landscape is ever-changing, therefore an organisation’s risk assessment must be reviewed regularly and revised if necessary.

GDPR Compliance

The EU General Data Protection Regulation (GDPR) became law in May 2018. Our cyber consultants will check your due diligence, and identify any regulatory gaps that may leave your business exposed to substantial liability. Any guidance will complement your existing business practices and integrate seamlessly into your objectives, giving you the confidence to process and protect personal information lawfully.

ISO 27001

ISO 27001:2013 is the recognised international standard for information security management, and provides a common framework for developing security policy and identifying mitigating controls. The certification standard provides a holistic approach to managing information risk, ensuring continuous improvement of the controls that maintain the confidentiality, integrity and availability of data. Our consultants can help you meet the requirements and assist you in preparing your submission for accreditation.

Cyber Essentials

Cyber Essentials is a government-backed, industry-sponsored scheme to help businesses protect themselves against common cyber attacks. It provides a clear statement of the basic controls all organisations should implement to mitigate risks from the most frequent internet-based threats. Once a solid foundation of basic hygiene measures are in place, it can be built on as an organisation better understands its exposure to cyber risk. Our experts can help you achieve this standard.

List X

List X Contractor Status is the term used by UK Government to describe a business that has been approved to hold and process information at the Government Security Classification (GSC) of SECRET and above. A combination of appropriate and robust physical, procedural and personnel security measures is required to achieve List X Contractor Status. Our specialists have extensive experience in this area, which allows them to help you gain List X facilities approval.

CORVID’s dedicated, highly-skilled professionals live and breathe cyber. Our specialist team includes NCSC-certified consultants, GDPR practitioners, and analysts qualified to doctorate level, with extensive experience supporting both private and public sector organisations, providing tangible expertise, advice and guidance on all aspects of cyber security. They will work with you to establish and maintain a bespoke and effective response to your cyber concerns.

Speak to one of our experts to arrange your free introductory scope, to identify how CORVID's Consultancy Service can help you achieve your cyber goals and security objectives.