IL7 consultants will operate within a framework consistent with ISO 31000 principles, clauses and guidelines. Consultants will start by discovering the context in which they are operating. The objective is to understand the business, whether it be HMG or local government, a utility or a service provider. Our consultancy will not just be about risk assessment and presenting an RMADS-type document, but about risk management, including how system managers communicate security and risk awareness and how they monitor progress of controls – how they will keep the risk management progress alive and bring about continual improvement. In effect, our presence will build capability and competence.
IL7 will also embrace the ISO/IEC 27005 risk management standard. We will seek to introduce a systematic approach to implementing an Information Security Management System (ISMS) based on the business context of risk. It will be a consistent approach based on the customer's need. The ISMS will be aligned to overall risk management; it will be a cyclical and iterative process of consultation. It will reflect the organisation's risk appetite, its attitude to risk.