Our Vision
At Berbridge, we pride ourselves on our diverse, cross-functional team of experts. Our team's varied backgrounds empower us to execute on a wide range of projects and serve clients in many different industries. This diversity isn't just our strength - it's our signature, ensuring tailored solutions across a myriad of industries and rising to meet any challenges.
It’s easy to take the Machiavellian approach, to get tied up in the mess and only focus on the bigger goal, but when you do this for too long, cracks start to appear. We are not pegs on a gear, we are complex people, dealing with other complex people. When this is understood, positive sustainable change can happen.
Dan Ferguson
Senior Information Security Consultant
The Berbridge Method™ consists of 5 steps that may seem straightforward and common sense, as they should.
The Berbridge Method™
Step 1:
Identify a Manageable Scope
The most important decision you will make when going for an ISO 27001 certification is determining the Scope of your Information Security Management System (ISMS). From years of experience, we know how to optimize your ISMS Scope. We can ensure your Scope meets your business needs while remaining manageable and not inflating your audit time and cost.
DATA ENCAPSULATION
Law Firms, Educational Institutions, and any other organizations providing services to their internal or external clients may benefit from data encapsulation. As a service provider you do not have control over the information in your system. The client is the risk owner for the data. In these situations you may only have to certify the service-related information, components, and processes.
Step 2:
Leverage Existing Controls
Reinventing controls that are already in place and effective is not only a waste of time and money but also forces process changes that can cause undue stress on personnel and cause unexpected responses during audit (we don’t like unexpected things in audits). One of Berbridge’s principal rules is “Leverage existing security controls.”
GAP ANALYSIS
By performing a thorough document review, Berbridge can not only tell you what effective controls you have in place, but also how far you have to go. Our proprietary dashboards can help show the current state and process as we move towards certification. Seeing that you’re ready to go can significantly destress the audit.
Step 3:
Implement the ISMS
Based on the Gap Analysis, Berbridge will plan and execute the formal implementation of an Information Security Management System (ISMS), once again leveraging existing documentation, processes, and structures within the organization as much as possible. This method of developing the ISMS should make it feel like an extension of the existing infrastructure. In turn, this will foster easier adoption and less resistance, as process changes and resource needs are kept to a minimum.
ISMS Manual
Not all consultants implement an ISMS Manual. At Berbridge we do. Employing an ISMS Manual that aligns with sections 4 to 10.2 of the 27001 standard greatly facilitates the certification audit for both the auditor and auditee.
Step 4:
Requisite Activities
To get certified, several activities must be completed, some annual and some more frequent. Berbridge can assist in the planning, scheduling, and execution of these activities. Our level of involvement is dependent on the needs of the client.
Activities
Requisite activities include but are not limited to:
- Annual Document Reviews
- Security Awareness Training
- Inventory of Assets
- Mgmt. of Corrective Actions
- Risk Assessment
- Internal Audit
- Monitoring of Security Objectives
- Management Review
Step 5:
Audit Readiness
Berbridge takes a layered approach to audit preparation.
Internal Audit
Berbridge employs expert certification auditors (yes, the auditors that do the actual certification audits) to do internal audits for our clients. This exposes the organization to the real audit experience and provides valuable feedback on nonconformance to address prior to the certification audit.
Audit Preparedness
Berbridge provides auditee training to foster the best possible audit responses. Additionally, pre-audit checklists and communication are provided to mitigate the opportunity for avoidable findings during the audit.
Across All Steps:
Maintain Momentum
A lack of momentum can cause an information security program to stall and die. Berbridge utilizes several strategies to maintain motivation and ensure that efforts keep moving towards the objectives. After working with us, it will be easy to see that we are not like other consulting firms. We genuinely look forward to working with our clients and it shows.