
Compliance Advisory and Implementation

We will help you meet your regulatory needs in the most cost-effective and time-efficient manner.


Wilbourne holds certified partnerships with Drata and Vanta. 

Description of Services:


Advisory:

We will review your approach to developing a mature and defensible Information Security Management System (ISMS). This will involve reviewing your risk assessments, documentation and policies, as well as testing your controls. We will identify gaps in your ISMS and recommend actionable steps to implement the necessary controls to achieve ISO27001 or SOC2 attestation.

Implementation:

Wilbourne will collaborate with you to implement the controls that were identified as absent or deficient during the prior Advisory phase. The depth of implementation will be decided by your leadership team and influenced by the bandwidth of your internal resources.

Our Methodology:

Controls Review and Gap Analysis

Documentation Review

SOC2

Controls Implementation

ISO27001

Risk Assessment and Controls Testing

Evidence Collection

Mock Audit and Controls Corrections

ISO27001 compliance can also be achieved through successful SOC2 attestation. Many of Wilbourne's clients have engaged us to deliver both SOC2 and ISO27001 workstreams in the past. If both SOC2 and ISO27001 are relevant to your organisation, pursuing both at once can be a cost-effective and efficient approach.


Questionnaire:

We will guide your organisation through the certification process, whether for your entire company or a specific subset. This certification focuses on assessing your cybersecurity maturity through a questionnaire, covering critical areas such as access control, patch management, and secure configuration. Our team will review your responses, ensuring they align with the Cyber Essentials requirements. We will identify any gaps, provide clear recommendations to address them, and validate your compliance to deliver your Cyber Essentials certificate with confidence.


Further Implementation:

We will support your organisation in achieving this certification starting with the same foundational steps as Cyber Essentials. Once the questionnaire is completed and compliance is confirmed, we will conduct a rigorous technical assessment. This includes scanning your external-facing systems to identify and address high-risk vulnerabilities, evaluating your internal systems for security weaknesses, and assessing the effectiveness of your email and malware defences. Our thorough review ensures your organisation meets the enhanced standards required for certification, providing added assurance of your cyber security resilience.

Complimentary Cyber Essentials Services:

Pre-Cyber Essentials Workshop

In order to minimise your chances of being non-compliant at the time of the assessment and subsequently failing the certification process, we can deliver a consultative workshop preparing you and maximising your potential to achieve compliance and certification.

Why Use Our Services?

Cost Saving

We will remove the need to hire an expensive compliance team to satisfy your regulatory needs.

Time Efficiency

On average, we reduce the time to achieve compliance with various compliance frameworks by 40%.

Minimising Errors

Our team holds rich experience in helping clients achieve compliance, which maximises your success.

Your Service Experience

01

Understanding Your Position and Goals:

We will work with you to understand how far into your implementation journey you are, and the areas in which you would like support to achieve compliance.

02

Delivery:

Depending on the type of advisory or implementation support you would like, we will ensure your compliance status is raised to your target position.

03

Deliverables:

We will commission any documentation and supporting evidence of controls implementation that were missing, and may be required during the audit, in a format that could be supplied to an auditor.
