Additional Services


What other services do we offer?

We provide the industry experience and expertise to support businesses with a range of Information Security services. If you are looking for something specific that is not documented here or on the website, please do get in touch to discuss your requirements and to see where we might be able to support you.

Audit and Compliance


We can support you with addressing the audit and compliance requirements for your company across a number of areas including:

  • ISO27001
  • IASME Governance Standard
  • Cyber Essentials certification
  • Cyber Essentials Plus Certification
  • PCI DSS Compliance
  • GDPR Compliance
If you would like to speak to us about any Information Security audit or compliance requirements, please get in touch.




Third-Party Assurance


Whilst your company can have all the appropriate technical, managerial (administrative) and physical or operational Information Security controls in place to secure the business, how can you be sure your data and that of your clients or customers is safe when in the hands of a third party? Outsourcing is a growing trend, and companies increasingly depend on third-party providers to deliver critical services.

We can work in collaboration with you to provide an independent assessment of your third-party suppliers to ensure they manage your information and data in a manner consistent with your own policies and controls and aligned with Information Security best practice.
For more information, please get in touch.




Security Awareness


Ensuring that employees are educated about Cyber Security risks and best practice is vital to every organisation. Employees play a critical role in keeping an organisation secure and are frequently the target of cyber criminals, as people are often perceived as the weakest link for a business when it comes to cyber security.

Training employees to recognise and respond to security threats requires much more than technical solutions.

Whether you are looking to undertake end-user Security Awareness Training, run Email Phishing simulations or build a Security Awareness Program which will help change human behaviours across the organisation, we can help. For more information, please get in touch.




Cyber Health Check


Our Cyber Security Health Check service is built on the foundations of globally recognised cyber security standards and frameworks that we work with. Health checks are conducted by a certified Cyber Security Consultant and are designed to be flexible and align to the requirements of your business.
The service has three primary activities:

  • A Cyber Security Audit and Risk Assessment
  • Technical Vulnerability Assessments (on-site or remote)
  • A questionnaire for staff to determine the levels of cyber security awareness across your organisation
After completion of these activities, a detailed Cyber Security Health Check Report will be provided to your business. It will report on the findings, outline your overall Information Security and Risk status, and provide any recommendations for improvement or remedial action. For more information, please get in touch.




ISO/IEC 27001 Compliance


ISO/IEC 27001 is the best-known information security standard in the 27000 family of standards, developed and published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

The ISO/IEC 27001 standard is a specification for an information security management system (ISMS): a framework for all the legal, physical and technical controls involved in an organisation’s information risk management processes.
Achieving certification demonstrates a strong commitment to the management of information security risk. It keeps pace with changes to security threats and offers a flexible, risk-driven approach. It will assist with compliance with business, legal and regulatory requirements. It will reduce the need for frequent audits (internal or external). Your organisation will have been audited and certified by a national accreditation body such as the United Kingdom Accreditation Service (UKAS).
We can help you achieve certification through what can be a challenging project.

We offer ISO/IEC 27001 gap analysis, risk assessment, implementation, consultancy and audit services. For more information, please get in touch.




UK GDPR Compliance


The GDPR is retained in domestic law now that the EU transition period has ended, but the UK has the independence to keep the framework under review. The ‘UK GDPR’ sits alongside an amended version of the DPA 2018.

The regulation requires organisations to demonstrate compliance with the following key principles:

  • Lawfulness, fairness and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality (Security)
  • Accountability
This involves taking a risk-based approach to data protection, ensuring appropriate policies and procedures are in place to deal with the transparency, accountability and individuals’ rights provisions, as well as building a workplace culture of data privacy and security.
We can support your business in achieving compliance with any of the following activities:
  • Data Mapping and Data Flow Audits
  • Data Protection Impact Assessments (DPIA)
  • UK GDPR Awareness
  • UK GDPR Gap Analysis
  • Information Security Management Systems (ISMS)
  • Personal Information Management System (PIMS)
  • Data Privacy Policy and Procedures
For more information, please get in touch.




PCI DSS Compliance


The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment.

Any organisation that handles payment cards (including both debit and credit cards) must meet the requirements of the Standard.

PCI DSS compliance demonstrates a strong commitment to protecting your customer cardholder data.

The standard consists of a set of 12 requirements which are developed and maintained by the Payment Card Industry (PCI) Security Standards Council. They cover six key areas:

  • Build and maintain a secure network
  • Protect cardholder data
  • Maintain a vulnerability management programme
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy
We offer PCI DSS gap analysis, risk assessment, implementation, consultancy, scanning and audit services. For more information, please get in touch.




Vulnerability Assessments


Conducting regular vulnerability scans will help determine the overall effectiveness of your information security technical measures.

Vulnerability Scanning (also known as Security Assessment) is a requirement of a number of Information Security Standards and frameworks including ISO 27001 and the PCI DSS (Payment Card Industry Data Security Standard).

We offer a number of scanning options:

  • External Scanning - Vulnerability scanning of internet facing devices or assets.
  • Internal Scanning - Vulnerability scanning of internal infrastructure or assets.
  • Web Sites & Web Applications - Vulnerability scanning of internet facing (public) web sites or internal web servers or web applications.
  • Payment Card Industry Data Security Standard (PCI DSS) Scanning - Requirement 11.2 of the PCI DSS (Payment Card Industry Data Security Standard) mandates that “internal and external network vulnerability scans must be carried out at least quarterly and following any significant change. External quarterly scans must be performed by a PCI SSC ASV (Payment Card Industry Security Standards Council Approved Scanning Vendor).”
  • Personally Identifiable Information (PII) Scanning - Scanning for any customer / Personally Identifiable Information which needs to be anonymised and/or protected by appropriate controls against unauthorised access. This is a requirement of the General Data Protection Regulation (GDPR).
For more information, please get in touch.




Penetration Testing


Conducting regular Penetration Tests will help determine the overall effectiveness of your information security technical measures. It serves to demonstrate whether vulnerabilities can be successfully exploited by attackers.

We offer a number of Penetration Testing options:

  • External Penetration Test - Conducted remotely on external or public facing networks, applications and services.
  • Internal Penetration Test - Conducted on the internal network, applications and services.
  • Wireless Network Penetration Test - Conducted on the internal network, applications and services with a focus on any Wireless Networks.
  • Web Sites & Web Application Penetration Test - Conducted on internal web servers or web applications.
For more information, please get in touch.




Microsoft 365 Security Assessment


We offer a Microsoft 365 Security Assessment service where we evaluate and prioritise your Microsoft 365 tenant security settings based on your current Microsoft 365 licensing capabilities.

The assessment identifies weaknesses and gaps in your security configuration, enabling you to make the necessary changes to improve your security posture.

For more information, please get in touch.