Information Assurance

We work to assure information risks that are related to the use, processing, storage, and transmission of data, as well as to the relevant systems and processes.

Contact us

Information Assurance

Our services are designed with the customers holistic information security needs in mind and structured around four capabilities:

Audit and Review

Routinely auditing your information security management systems is crucial to risk appreciation and management.

We offer audit and review services that encompass both technical and procedural audits against recognised standards. Our blend of audit approaches ensures we deliver insightful and pragmatic recommendations.

We offer the below services:

  • Support monitoring that controls are effective
  • Identify areas of risk and support third party risk awareness
  • Provide evidence to maintain compliance against required certifications
  • Demonstrate maturity in your information security programmes to your business stakeholders and customers
  • Provide the evidence to demonstrate progress in projects and tangible returns on investment

We assess against a variety of standards, such as: Cyber Essentials, ISO27001/2, DCPP, GDPR and NIST.

Security Architecture

Our Security Architects hold industry qualifications and are experienced in the design of highly secure architectures that meet the rigours of UK Government and Defence assurance requirements.

Value to you

Engaging the services of a Security Architect across the project's lifecycle delivers a variety of benefits to organisations that provide a platform for business growth. You will:

  • Understand interdependencies across your estate
  • Improve interoperability across your estate through the adoption of standardised approaches
  • Gain the understanding of emerging technologies and how they can effectively integrate with your existing estate
  • Understand the risks you are exposed to, best practice approaches to mitigating them and the financial, legal and regulatory impacts to your organisation

What we do:

We independently review and validate proposed security architectures, and employ standard architectural methodologies such as SABSA and TOGAF.

In addition, we design, implement or review network and infrastructure designs, as well as providing project management support to transitional or systems integration programmes using traditional or agile approachs.

Furthermore, we chair or participate in organisations such as the Technical Design Authority (TDA).

We also design and implement secure solutions, including:

  • Identity and Access Management solutions
  • SOC and SIEM
  • Gateway and boundaries
  • Cryptographic solutions

Risk assessments

Our risk consultants carry out risk assessments based on qualitative or quantitative methods, which help organisations to understand the threats they face. It also provides the necessary justification for cost-effective investment in information security.

Value to you

Business relationships are continually evolving include greater reliance on third parties, and an expansion of typical technology and security boundaries.

Engaging the services of a MASS risk consultant delivers a variety of benefits to organisations that provide the basis for competitive advantage. You will:

  • Enhance your enterprise awareness of risks
  • Sharpen the focus of executive management
  • Enhance your ability to formulate risk management plans, respond to incidents or demonstrate compliance
  • Engender trust in your organisation
  • Be better placed to accept new business opportunities and improve your competitive advantage

What we do:

Risk assessments utilise a variety of approaches, including UK HMG methods or industry standards.

The assessments are provided in the context of your risk management criteria such as business impact, risk tolerance or appetites, likelihood, and threat vulnerabilities.

Our specialists provide assessments for Privacy Impact, Cyber Security or Technical Risk, Physical Security Environment.

We also assess connection conformity to Codes of Connection.

Risk management

Our risk consultants work with your existing teams to develop risk tolerance criteria and define risk management strategies that are designed to establish the framework to mitigate the likelihood of loss and impact to organisations.

Value to you

The increase in external relationships, the emergence of advanced and persistent threats and evolving legislative and regulatory environment, means that risk management must be an enterprise-wide integrated business function.

Our consultants:

  • Apply cost-effective risks mitigation strategies
  • Provide the seamless adoption of new regulations and legislation
  • Enhance your resilience to the consequences of evolving threat and risk landscapes
  • Demonstrate risk competence to your business stakeholders and customers
  • Be better placed to accept new business opportunities and improve your competitive advantage

What we do:

Our risk advice is pragmatic and proportionate

We support existing risk management programmes by creating bespoke policies, working with stakeholders to define risk management criteria, and developing or advising on business continuity plans.

Additionally, we interpret threat intelligence and risk assessments in the context of your business, while providing security risk and threat education, awareness and information assurance training.

We also develop procedures for supply chain risk management and assurance.

  • Work with stakeholders to define risk management criteria
  • Develop or advise on the creation of business continuity plans
  • Interpret threat intelligence and risk assessments in the context of your business
  • Provide security, risk and threat education, awareness and training
  • Develop supply chain risk management and assurance procedures
  • Provide pragmatic and proportionate risk management advice

More from MASS

Partnering with you to safeguard your information against Cyber threats

Talk to one of our Cyber Security business advisors on +44 (0)1480 222600 between 0800-1800 UTC

Contact us