Advisory

Governance, Risk and Compliance

Information Risk Assessment

Our world-class information risk assessment ensures over 450 vulnerabilities are reviewed in interviews with strategic and tactical teams. The assessment factors in concerns raised by stakeholders, audit findings and past incidents, ensuring that all security requirements are identified and prioritised according to business impact.

IT Governance and IT Risk Review

IT governance is a framework that ensures your IT infrastructure supports and enables an organisation to achieve its goals. We will perform an IT process maturity review and an IT risk assessment, and can assist with remediation of your IT environment.

Information Security Management System (ISMS) and ISO 27001 Certification

We have the necessary skills and experience to partner with you to scope and establish an ISMS, and take it through to a successful ISO 27001 certification. We can furthermore assist with certified lead auditor and lead implementer training for all teams.

Supplier and Third-Party Risk

We will review your current supplier management lifecycle to ensure that the applicable governance components such as NDAs, SLAs and other contracts are in line with information risk management requirements. We also perform independent third-party risk assessments.

Privacy and Protection of Personal Information Act (PoPIA) Reviews

Organisations are expected to safeguard personal information entrusted to them; ignorance is no longer accepted as an excuse. We conduct a privacy impact assessment and provide the necessary consulting services to ensure your organisation is compliant with relevant privacy and data protection requirements.

Disaster Recovery (DR)

Following an alignment process to the Business Continuity Management (BCM) strategy, we establish detailed disaster recovery plans for all key areas of the organisation. We then run simulated disaster scenario tests and help to mentor and upskill the DR Operations Team.

A proactive approach

The implementation of a proactive approach to information risk management will ensure that your business is better prepared for any internal or external attacks, leaving your company more secure and ensuring better governance. However, businesses without such an approach in place are left vulnerable, with potentially disastrous consequences.

Wolfpack provides an advisory plan which enables you to be well-equipped to achieve full adherence to the ISO Standards, as well as maintaining a defendable, risk-management based security posture in the face of a constantly changing regulatory, customer, and threat environment. Wolfpack will partner with you to build a solid, business-aligned security strategy, thereby improving your organisation’s cyber risk management.

Information Risk Strategy and Roadmap

Our information risk framework provides the foundation upon which we architect the strategy to support business objectives and the subsequent information risk programme. The modular nature of the framework furthermore provides an agile environment to allow the organisation to continuously re-evaluate their priorities and approach as the business and threat landscape evolves.

Security Architecture and Design

A well-designed security architecture programme will ensure that all security is business-driven, risk-focused, comprehensive, modular, auditable and transparent, demonstrates compliance and provides two-way traceability of business requirements.

Human Resource (HR) Governance

We ensure that the security governance requirements of the employee lifecycle, from on-boarding through security roles and responsibilities to off-boarding, are defined and communicated effectively to both IT and HR teams.

IT and Network Security Reviews

IT and network devices are crucial for the operation of any organisation. An IT and network review will ensure that weaknesses in configuration are identified and remediated, reducing the risk of a security incident.

Change and Release Management

IT change and release management is primarily concerned with the governance of transitioning new technology and procedural adjustments into a live operational environment, with as little risk as possible.

Business Continuity and Crisis Management

We will establish the required BCM governance components in accordance with ISO 22301. We then conduct a Business Impact Analysis (BIA) with senior management teams to determine and evaluate the potential effects of an interruption to critical business operations as a result of a disaster, accident or emergency.

Incident Management (IM)

We review your current IM, DR and BCM environment and ensure an ISO 27035 aligned incident management programme is in place to handle major privacy or cyber incidents. We provide the necessary governance documentation, detailed “battle guides” and training / simulated incident testing for the Incident Response Team (IRT).

Data Governance Framework – Classification and Handling

The data governance framework aims to provide an approach to proactively minimise the likelihood and impact of a data leak. Through a consultative approach, we help both business and IT to understand the value of their data, establish classification rules and then provide guidelines and training to communicate securely.