Framework alignment to key certifications such as SOC2, ISO27001, Cyber Essentials or NIS2 is an important step for any organisation. At KEEP, though, we don’t believe in accrediting simply for accreditation’s sake, although we understand some of the business pressures to do so!

Yet fundamentally good cyber security management, governance and implementation can cover a large part of the frameworks. KEEP works with organisations to highlight gaps in their approach that may prevent them from aligning with a particular framework, and provides actionable advice and strategy that will enable them to meet those requirements while benefitting the organisation and increasing its overall cyber security posture and maturity.

Cyber Essentials

Our consultants work closely with your team(s) to allow you to achieve Cyber Essentials / Cyber Essentials+ rapidly.

CE / CE+ is a baseline accreditation any organisation, small or large, should have, and achieving it is quite simple.

Our consultants will prepare your organisation and review its technical capabilities and processes to allow you to complete the assessment rapidly.

Depending on your organisation, we can often have you ready for a Cyber Essentials assessment in a day.*

*Dependent on the controls, policies and procedures the organisation currently has in place.

NIS2

The NIS2 Directive (formerly NIS) came into effect in 2023 and is the EU-wide legislation on cybersecurity. The NIS2 Directive provides legal measures to boost the overall level of cybersecurity in the EU by ensuring Member States’ preparedness, requiring them to be appropriately equipped and resilient to cyber attack(s).

The NIS2 Directive focusses on the following vital sectors:

  • Energy
  • Transport
  • Water
  • Banking
  • Financial market infrastructures
  • Healthcare
  • Digital infrastructure.

Businesses identified by the EU Member States as Operators of Essential Services (OES) in the above sectors will have to take appropriate security measures and notify relevant national authorities of serious incidents.

Our consultants have worked with multiple EU-based organisations in the aforementioned sectors, helping them to understand their current cyber security maturity and their preparedness, and assisting in completing Operator of Essential Services (OES) returns to the relevant Member State authorities.

SOC2

A SOC2 audit reviews a body of evidence, often across a period of 9-12 months, relevant to the scope, trust service principles and controls put in place by the organisation.

SOC2 focusses on the body of evidence provided relevant to the policies, procedures, people, controls and processes in place. Essentially, you must evidence what you state you’ve implemented.

Small issues in the control alignment will result in Minor non-conformities, whereas larger issues will result in Major non-conformities and a likelihood of audit failure.

Speak with one of our consultants to understand the requirements and nuances of SOC2 Type 1 and Type 2 audits, and to receive a review of your current controls and actionable advice, prioritised for your organisation, that will help you pass a SOC2 audit by a Certified Public Accountant (CPA).

ISO27001

ISO27001 certification demonstrates to customers and competitors alike that you have a baseline of Information Cybersecurity policies and procedures in place that have been reviewed and audited.

Implementing an Information Security Management System (ISMS) and an Information Security Management Forum (ISMF), alongside well-defined (and organisation-relevant) policies, procedures and processes, are the first steps on the journey to certification.

Our consultants will review your current practices, policies, procedures and general Information Security Management and advise on the simplest strategies to align with the requirements of ISO27001 and become certified, year on year.
