Services CRK Consulting

ISO 27001

Information Security Management System

ISO 27001 is the international standard that specifies requirements for an Information Security Management System (ISMS). It is an excellent way to demonstrate to your clients and other stakeholders that you take information security seriously, that you understand the information security risks your organisation faces, and that you have put in place good controls to reduce those risks to an acceptable level. Most organisations already have numerous information security controls established; however, without an ISMS, controls tend to be somewhat disorganised and disjointed. We work to identify the controls applicable to your business.

We live in an ever-developing digital world, with modern-day criminals hiding behind computer screens. Over-reliance on technology can mean that gaps and vulnerabilities exist that are not obvious or that you are simply not aware of. Implementing an ISMS will identify the risks and enable you to put things in place to reduce the possibility of such risks being exploited. ISO 27001 is not a quick fix to demonstrate compliance. It is something that Senior Management must support, otherwise the implementation project will be an uphill struggle, cost more money, overrun, and ultimately not be embedded into the business. ISO 27001 has taken over as the lead ISO framework adopted by businesses, for the first time knocking ISO 9001 off first position. This is due to several factors:

  • the digital world in which we now operate focusses businesses on security of information and systems.
  • GDPR recognising the standard as a framework to aid compliance.
  • an increase in the requirement for certification to win new business contracts.

Some companies worry that an ISMS will stifle innovation or ruin the fun and friendly ethos of their companies. This does not have to be the case, but there must be some realisation and acceptance that certain things must change to safeguard the company’s assets, and this includes people.

We will work with you from the beginning, to project manage and guide you through your journey to certification.  We pride ourselves on eliminating jargon and have the skills to communicate at different levels across businesses. At CRK Consulting Limited we have a very hands-on approach and enjoy getting to know you and your business so we can develop a system that works for you. If you prefer that we work with you more at arm’s length, we are happy to be a constructive member of any project team.

Simple: we want to work with you to develop a system that works for you, is owned by you, and that you are confident to keep running once we step away, leaving you to manage your own ISO 27001 certification. We will always be around if you need to bounce questions off us or have us run an eye over something, but ultimately we want you to feel empowered and confident in moving your business to the next level.

“CRK Consulting Limited worked with us to achieve our ISO 27001 Accreditation in June 2020. Caroline took an extremely practical approach and worked with us to provide a gap analysis which allowed us to set milestones to meet our deadline for the audits. We were able to draw on CRK Consulting Limited’s experience and knowledge in respect of Information Security to move our company forward and would highly recommend their services.”

ISO 9001

QUALITY MANAGEMENT SYSTEM

ISO 9001 is the international standard that specifies requirements for a quality management system (QMS). Organisations use the standard to demonstrate the ability to consistently provide products and services that meet customer and regulatory requirements. We work with businesses to identify their core activities and advise them on how to enhance efficiency by improving existing processes.

We believe the current ISO 9001 standard has changed the way companies consider quality. Previously aimed at physical products, the standard is now better placed for service industries to adopt. At CRK Consulting Limited we do not think that the term ‘Quality Management System’ accurately serves the requirements of businesses in the 21st century. We prefer to adopt a holistic approach to implementing a ‘Business Management System’, as quality should be at the heart of every business. Achieving this takes effort from across the whole business and consideration of the internal and external issues that affect how effectively the desired results are delivered.

We will work with you from the beginning, to project manage and guide you through your journey to certification.  We pride ourselves on eliminating jargon and have the skills to communicate at different levels across businesses. At CRK Consulting Limited we have a very hands-on approach and enjoy getting to know you and your business so we can develop a system that works for you. If you prefer that we work with you more at arm’s length, we are happy to be a constructive member of any project team.

Simple: we want to work with you to develop a system that works for you, is owned by you, and that you are confident to keep running once we step away, leaving you to manage your own ISO 9001 certification. We will always be around if you need to bounce questions off us or have us run an eye over something, but ultimately we want you to feel empowered and confident in moving your business to the next level.

“We have been working with CRK Consulting Limited since 2018 and I could not recommend Caroline enough. Her application to help you through processes, the understanding of them and sharing her knowledge are outstanding. Caroline is always there to help; nothing is too much trouble for her. Without her we would have struggled to obtain our ISO9001 certification, and she remains an integral part of our Quality Management System.”

Cyber Essentials

PREVENT THE VAST MAJORITY OF CYBER ATTACKS

Cyber Essentials is a simple but effective, Government-backed scheme that will help you to protect your organisation against a whole range of the most common cyber threats. It also gives you a pragmatic and cost-effective way to demonstrate your commitment to cyber security to prospective customers. Cyber threats come in many shapes and sizes, but the vast majority are very basic in nature, carried out by relatively unskilled individuals. They are the digital equivalent of a thief trying your front door to see if it is unlocked.

There are two levels of certification:

Cyber Essentials

This is a self-assessment option which gives you protection against a wide variety of the most common cyber-attacks. This is important because vulnerability to simple attacks can mark you out as a target for more in-depth unwanted attention from cyber criminals and others.

Cyber Essentials Plus

Cyber Essentials Plus still has the Cyber Essentials trademark simplicity of approach, and the protections you need to put in place are the same, but for Cyber Essentials Plus a hands-on technical verification, known as a vulnerability assessment, is carried out.

At CRK Consulting Limited we believe that Cyber Essentials is a great tool for companies that have not previously addressed information security in a systematic way. It starts conversations and asks questions that may never have been asked before. It is thought-provoking and self-paced, so you have time to put things in place before submitting your self-assessment. Cyber Essentials Plus is the test of your self-assessment: do you practise what you preach? We believe this additional part of Cyber Essentials is where the truth lies, as you are testing for vulnerabilities that have not previously been identified. Cyber Essentials Plus is recognised by GDPR and NHS DSPT and is more frequently being set as a base-level requirement for business contracts. It is certainly an affordable cyber assurance framework that many companies are now adopting.

We provide a turn-key solution, where we liaise with the appropriate people in your business to gain the information required to meet the requirements of Cyber Essentials, completing and uploading your assessment with a recognised certification body. We work with partners that perform the Cyber Essentials Plus vulnerability testing to outline any improvements that should be addressed to reduce the risk of a cyber-attack.

We want to make the process as simple and hassle-free as possible for you by delivering a full turn-key solution. Even a simple virus or piece of malware could result in loss of company and client data, disrupt your cashflow and take up staff time. An attack could also put off your customers, stop you trading and damage your hard-earned reputation. We will assist you every step of the way to gaining accreditation.

“CRK Consulting Limited assisted us with our Cyber Essentials certification. Caroline’s knowledge and expertise in this field are outstanding and we could not have done this without her. We will most certainly be using CRK Consulting Limited again.”

GDPR

THE GENERAL DATA PROTECTION REGULATION

The General Data Protection Regulation (GDPR) was initially a regulation by which the European Parliament, the Council of the European Union, and the European Commission intended to strengthen and unify data protection for all individuals within the European Union (EU). As the UK has exited the European Union, the EU GDPR no longer applies and has been replaced by the UK GDPR.

The regulation of personal data was well overdue, and the GDPR addresses this matter. When the new regulation was introduced it put personal data on the map and gave control back to individuals. Many businesses were not ready for these changes and are still struggling to understand how they should be addressing it, with very little guidance from the authorities. In our opinion, GDPR is a snapshot of ISO 27001, but the information asset under scrutiny is personal data. The scope is therefore a lot smaller, and it is easier and quicker to implement controls and to understand how personal data flows through your business.

We will work with you from the beginning, to project manage and guide you through your personal data discovery. We pride ourselves on eliminating jargon and have the skills to communicate at different levels across businesses. At CRK Consulting Limited we have a very hands-on approach and enjoy getting to know you and your business so we can develop a system that works for you. If you prefer that we work with you more at arm’s length, we are happy to be a constructive member of any project team.

Simple: we want to work with you to develop a system that works for you, is owned by you, and that you are confident to keep running once we step away, leaving you to manage your own GDPR compliant system. We will always be around if you need to bounce questions off us or have us run an eye over something, but ultimately we want you to feel empowered and confident in moving your business to the next level.

“We have worked closely with Caroline at CRK Consulting Limited to assist us with GDPR compliance for our business. She has been a knowledgeable and indispensable asset. Caroline gives sound, informed advice and made it understandable within the context of our business. Caroline is organised, efficient and reliable. I wouldn’t hesitate to recommend CRK Consulting Limited and will continue to use their services.”