Bridewell Consulting are a highly experienced Cyber Security Consultancy for the delivery of Audit and Review, delivering services to both the public and private sectors.
We offer clients both technical and process and procedural audits against international standard and proprietary standards. We perform internal reviews, and we can review your third party service providers who are frequently the weak link in an organisation’s control framework.
In addition to the audit and review we provide clients with pragmatic suggestions as to areas of non-compliance can be addressed or suggested areas for improvement. We are also able to produce meaningful audit metrics for clients that can be integrated into their wider risk management.
Bridewell Consulting have a modular audit capability across each of our service lines. This allows the most appropriate service to be sourced separately from other services with qualified consultants.
We provide a fully comprehensive security audit service, addressing all or a selection of the following elements:
- Security Standards & Policy
- Security Controls
- Information Security Management System
- Physical Security
Audit and review can deliver many benefits to an organisation and is integral to an organisation’s wider risk appreciation and risk management.
Audit and review not only ensures you and your suppliers are complying with their contractual and legal and regulatory obligations, but also validate the effectiveness of the controls an organisation has implemented to mitigate risk. Audit and review can identify risk before the risk becomes a significant problem for the organisation.
Audit and review can qualify areas of risk within an organisation but it can also highlight trends across third party suppliers that could indicate issues with how the suppliers have been commercially engaged and are operating.
It should be used to effectively monitor progress within an organisation. For example, an audit and review could be performed at the start and end of a project. This can help teams to demonstrate progress and in the project but can also demonstrate tangible returns on investment made in the project.
How We Can Help
We can perform technical system audits (infrastructure, application) as well as audits against operational processes and procedures. Looking at security policy and standards, security controls (including physical security), and organisations Information Security Management System (ISMS).
The balance of technical and consulting skills that our professionals possess means we can deliver very detailed and insightful audits and reviews, also providing pragmatic recommendations to consider. This makes the Bridewell Audit and Review service a very valuable proposition for organisations.
We undertake audit and assurance reviews against any international standard, act or regulation including but not limited to: –
- PSN, PSNP and Security Principles
- Product standards
- UK Data Protection Act
- General Data Protection Regulation (GDPR)
- Cyber Essentials
- ISO27017 & ISO27018
- ISO 11568 (Banking Key Management)
- ISO 11770 (Security techniques – Key management)
We also provide services to clients assessing against proprietary policies and standards that they have developed.
We have developed an Audit and review of organisations cryptography solutions, focusing on the cryptographic hardware or software and the associated cryptographic key management. This specialised audit and review can be conducted for financial institutions, payment card producers and retailers who rely on e-commerce.
We can automate and analyse audit reviews of an organisation’s third party providers. This can be detailed or initially high level with the advantage that Bridewell can analyse and present the initial findings to an organisation. This tends to highlight areas for more in depth investigation meaning organisations can make informed choices as to which third party providers need a more in depth on-site visit audit and review.
Based on our experience we have developed a number of tools that can be used to generate audit metrics, track remediation activities, and highlight trends both for an organisation and their suppliers. The tooling also maps controls across standards to allow organisations to be assessed in a like for like manner.
These tools are utilised as part of our standard engagements by our professionals and are available to organisations if required. The output from these tools is frequently used in conjunction an organisation’s risk management tooling.