Information Security now needs to be imbedded into every UK Company. Cyber threats, tighter regulation, individuals’ rights to data protection and clients becoming more concerned and selective about their suppliers having recognised security credentials, all add to the need for Information Security by design.
Every UK business, as a minimum, should have information security policies and controls in place that comply with the UK government’s Cyber Essentials certification scheme.
The problem is, how to introduce policies and controls that can be maintained by expert security resources in a practical and viable way?
Marathon is a Cyber Essentials certified assessor delivering IT security services designed to provide ongoing Cyber Essentials compliance through a managed service.
The service takes organisations from their current information security position through to Cyber Essentials certification and maintains their compliance on an ongoing basis.
Scope of Service
- Cyber Essentials Readiness Assessment
- Cyber Essentials Gap Analysis and Mitigation report
- Cyber Essentials certification and annual renewal
- Production of Company Information Security Policies document including:
- Password policy
- Production of Company Information Security controls document
- An annual Penetration test (for Internet facing IP addresses)
- Provides the Information Security Manager Role (if required)
- Firewalls configured in compliance with Cyber Essentials
- Produce Firewall control documentation
- Managed Firewall service
- Information Security change management (for new starters, leavers, new systems, etc.)
- 6 monthly information security reviews
- Patch and Firmware Management for all devices (Servers, PCs, Laptops, Tablets, Mobiles)
- Anti-Virus updates and management
- Produce standard builds in compliance with Cyber Essentials for all new or provisioned equipment
- User Account administration in compliance with Cyber Essentials*
- Information security policy and control monitoring
- Data access management and control
- Regular Information and Cyber Security training for staff
*All administrator services are protected by 2 factor authentication.
Out of Scope
Some companies may require new technologies to be deployed initially to comply with Cyber Essentials; such as Anti Malware for Mobile devices. Marathon can specify and implement these solutions outside the scope of the managed service.
- Avoids the need for costly internal information security resources
- Demonstrates to clients and partners that the company maintains information security controls recommended by the UK government
- Cyber Essentials is becoming mandatory for all government suppliers and large corporates such as BT and Astra Zenica
- Build confidence and knowledge across the organisation that information security is being managed in a highly professional manner