ISO 27001 Certification
If you are thinking of creative thinkers and doers – Think DRPG!
DRPG is one of the leading media and creative communication powerhouses in the UK. Spanning more than four decades, the organisation has consistently provided a comprehensive array of services, encompassing video production, event management, digital solutions, research, strategic planning and brand campaigns.
The consistent growth of the company came with the pressing need to secure its information assets and data. James Hurley, Head of IT, needed a trusted and credible firm to commence their journey to ISO 27001 Compliance and ultimately, their certification.
According to him “In searching for a consulting company, we looked for an industry authority with a track record of client satisfaction. After consulting with several industry leaders, Risk Crew consistently emerged as the best consultancy to work with, not only for ISO 27001 Compliance and Certification but also for Risk Management and Security Testing.”
We have evolved from service providers to lifelong partners, and it is always an amazing experience working with his team.Watch Video
Risk Management – Security Awareness Training
We conducted security awareness training through Risk Crew’s eRiskology platform for an international automotive parts distributor. It was a 3-year, organic program applying simple, intuitive, personal multi-media messaging through 4 harmonised “pathways”: Inspire, Empower, Engage and Measure.
Pathways were designed to measure existing and changing awareness states by capturing key performance indicators collected to confirm & measure cultural change. We leveraged social engineering activities to collect phishing and telephone pre-texting KPIs. By the end of the 3-year engagement, the assessment pass rate increased by 140% and the organisation is working towards ensuring organisation assets remain safe and protected from threat actors.Learn more about the service
Governance, Risk and Compliance
Risk Crew were approached by a major telecommunication and IT provider who aspired to achieve certification in ISO 27001:2013. We conducted a security maturity assessment to analyse their existing security landscape – including a review of their policies, procedures, governance and security controls.
We started with the statement of applicability and engaged with a client in a way that minimised the impact on their day-to-day business. Our approach was to make ISO 27001 fit their business and not the other way around. We also acted as their information security manager by conducting internal audits against all controls and testing their business continuity and incident management process.
We then moved to designing and building their Information Security Management System. In the process, Risk Crew conducted interviews with key stakeholders and control owners to identify critical information assets; conducted a risk assessment, populated the risk treatment plan and developed security policies to fill the gaps.
Prior to the UKAS auditors’ certification audit, one of our consultants conducted a mock audit to identify any non-conformities before the live audit. The client successfully achieved an ISO 27001:2013 certification with only a few recorded observations from the auditor.
Red Team Testing
A major United Kingdom-based retail banking organisation that provides a wide range of personal, business and wealth management financial services identified an immediate need to ensure that their physical, information and cyber security controls could withstand a “real-world attack” from current cyber criminal threat actor tools and methodologies.
The organisation required efficacy confirmation of the Information Security Management System (ISMS) deployed to protect the information assets they processed, stored and transmitted. It was imperative that the effectiveness of all the controls implemented in their business processes, staff, facilities and IT systems that prevent unauthorised access to their sensitive data be verified as “fit for purpose”.
Risk Crew designed and delivered a comprehensive Red Team security test in response to this requirement. The testing took place over 3 months and comprised the collection of Open-Source Intelligence (OSINT) associated with the customer, their business processes, staff and operating locations.
The testing resulted in identifying numerous and significant security flaws, which were easily exploited and allowed unauthorised access and data exfiltration which had not been identified in previous security audits or tests.Learn more about the service Download the case study
Hear From Our Clients
Why Choose Risk Crew