
Our experience, competencies, capabilities and interests include:
Governance, Risk and Compliance in the business context
Information risk and IT/cyber risk management taking a pragmatic, systematic approach
Information security and cybersecurity management - focusing on achieving control objectives
Preparing or critiquing security strategies and plans such as business cases, project proposals and budget requests
Writing and customising security policies, procedures and technical documentation
Security metrics - helping you figure out what to measure, how and when
Security awareness and training - bringing management, staff and professionals up-to-speed on current concerns
ISO27k Information Security Management Systems - designing, implementing, using, reviewing and maintaining
IT and ISMS audits, management reviews, gap analyses, supplier assessments and installation/system audits
Interim management of information/cybersecurity or IT audit functions, with help to recruit permies
Mentoring information risk and security professionals
So, what do you want to achieve? If you're not quite sure, let's chat about your situation then zoom in on specific requirements.
Get in touch! First of all, we need to know what kind of services you require, not least to determine whether we are able to help, i.e. whether we have the skills, knowledge and resources to undertake the assignment.
If so, we normally prepare at least an informal summary of the assignment to clarify our understanding (for small/quick jobs), or a more detailed and formal proposal (for more substantial/ongoing assignments), typically including an outline plan and information about our capabilities. Either way, we will require a contract to formalise the main parameters, such as the obligations on both parties, our charges and invoicing arrangements, before we can commence the work. Given the nature of consulting, particularly in this domain, we anticipate the need for certain controls to protect both you and us against unacceptable information risks.
If not, we may be able to put you in touch with other organisations that are better suited, or at least point you in a more appropriate direction.
We start by discussing your requirement and our capabilities, looking for a match.
Then we prepare a proposal with sufficient detail for you to discuss, confirm and if necessary seek approval for the assignment. The proposal includes:
Information about IsecT such as our capabilities;
Our understanding of your objective/s;
An outline of the assignment, including the anticipated timescales;
A draft professional services contract;
A schedule with specific details about the assignment such as a budgetary estimate based on our initial understanding, our rates and payment terms, and administrative information.
Unless you already know exactly what you want and have a reasonably explicit and precise set of requirements, we'll set out by talking to you by email, phone and video to understand your situation, your objectives, and your constraints. We'll talk up our competencies and skills, explaining our interests and preferences, focusing on areas in which we believe we can add the most value for you. We'll check out each other's backgrounds.
Having thought through the job at hand and the work involved, we'll draw up a proposal suggesting an approach with options to consider and discuss. The proposal will specify our understanding of your objectives, and provide a workplan showing the deliverables, timescale and cost.
Then it's over to you. You may have other things on your mind, perhaps changes or concerns to discuss. You may need management approval to proceed. This is the time to finalise the approach and the workplan before entering into a formal professional services agreement - an important step in the process as we both commit to the terms, including nondisclosure.
Having struck the deal, we both get going on the actual work. Given the choice, we much prefer to work collaboratively, interactively, with plenty of to-and-fro between us, particularly as we get to know each other and further refine those requirements and expectations. We'll talk to you about items on the workplan, raise any queries, concerns or issues arising, and start delivering value in the form of tangible deliverables (documentation) and intangibles (suggestions, ideas, concepts, things to make you think). We'll share drafts and discuss various matters such as aspects that weren't fully specified up-front, or stuff that comes up naturally in the course of the work. Likewise, you'll be feeding us additional information, guiding the work, commenting on how things are going, asking questions, suggesting changes or refinements, that sort of thing. Meanwhile, we'll be tracking and accounting for our time, making real progress against your requirements and the workplan, and enjoying the now flourishing relationship. Once in full flow, this is a very productive and enjoyable phase!
If issues crop up on either side, we'll jointly decide how best to tackle them. If required, we can deliver and talk through formal status/progress reports and timesheets, present interim invoices, or simply catch up informally from time to time - either in the course of the collaborative work or separately if you are not our main contact. We're pretty flexible and, always, determined to ensure that you get what you need - and then some.
As the work draws to a close, we start winding down and finalising things, tying up loose ends so as to leave on a good note. We value the relationship as much as the business and really appreciate customer endorsements, referrals or simply constructive feedback for future assignments. If we've done a good job, hopefully you'll want to spread the word. If not, tell us: we can take it.
From then on, well hopefully we've gone beyond business colleagues to become friends. No doubt we'll think about and maybe bump into each other occasionally. Maybe, some day, we can pick it up again but we promise not to pester you for more work - we're not the pushy sort. It's good to know how things turn out for you, both commercially and personally, so please keep in touch.
We normally charge by the hour or day, depending on the nature and extent of the work.
We only charge for time actually worked on assignments! We use a time recording system, adding sufficient details to our invoices so that you can verify against your own records. We don't charge a 'retainer'.
For short, well-defined assignments, we invoice the pre-agreed amount on completion.
For longer, evolving assignments, we invoice at the end of each period (normally a calendar month) at a pre-agreed rate. Nobody likes being hit with unexpected bills so we'll keep you up to date on progress and charges throughout.
If you prefer some other arrangement (such as a call-off contract that caps our charges to an agreed budget), we can probably accommodate that.