SME Profile: Pondergrove Ltd
22 Liberty House
The Enterprise Centre
Greenham Business Park
Tel: +44 (0) 1635 817309
ISM: information security management systems specialists
ISM is the information security management division of Pondergrove Ltd. Based in Newbury with a UK-wide team of associates, Pondergrove has a twenty-year track record of successfully designing, developing and implementing management systems which not only achieve certification to international standards but also deliver major operational benefits for our clients, which include both private and public sector organisations.
We are dedicated to the delivery of cost-effective information security solutions for public sector organisations, reinforced by our current G-Cloud status listing.
The three core service areas we offer public sector clients are:
Information Security/Assurance Risk Assessment and Management
Delivery of a comprehensive information assurance/security risk assessment of your organisation’s business operation, suitable for ISO 27001 certification and HMG accreditation. Outputs can be used to define content of policies and procedures for the organisation’s management system as well as input to the Risk Management Accreditation Document Set.
Management System Internal and Supplier Auditing
The service plans and delivers a programme of security and/or service quality audits to confirm whether the organisation’s management system is operating as required. The outputs (e.g. audit programme and audit reports) can also be used to achieve ISO 27001 certification, ITIL compliance and HMG accreditation.
Management System Design, Development and Implementation
Delivery of a comprehensive, operational management system designed to control the information assurance (IA), security and/or service/quality of cloud services, ensuring that services fully and consistently meet client requirements. Outputs (e.g. policies, procedures, SyOps) can also be used to achieve ISO certification, ITIL compliance and HMG accreditation.
Why use ISM for your ISO 27001 requirements?
Using the comprehensive, but lengthy, ISO 27001 standard as the starting point for your information security journey tends to result in the design and development of systems which are large and lack focus, containing controls that may not be needed and constraining the business operation unnecessarily. Although such systems achieve conformance, your staff will probably find them difficult to use, resulting in high implementation and maintenance costs.
The right way to begin your ISO 27001 journey:
- define your corporate aims, values and objectives for managing information security
- review your existing operational practices and documented procedures
- identify your information assets and the security risks which affect them.
This will ensure that the information security management system (ISMS) contains the minimum of complexity and supports the business whilst meeting the requirements of the Standard.
ISM’s unique approach is based on:
- five ‘Principles of Management Systems’, also published on the company’s website
- our application of the continual improvement cycle, which ensures that the cycle works to the benefit of the business rather than merely conforming with the applicable standard.
This time-saving methodology has enabled our clients from both the private and public sectors to implement ISO 27001-conformant management systems which are easy to use and based on the requirements of the business rather than the standard, thereby delivering improvements in operational performance.
The success of this approach led to the publication, originally in 2003, of our ‘Guide to achieving ISO 27001 certification’. The Guide has been used by at least a hundred organisations who have obtained ISO 27001 certification. Please apply for the guide using the link below.