Case Studies
BCRM is covered by strict confidentiality terms relating to all of its business; however, the details below will give some idea of the range of different assignments undertaken by BCRM. It works in the following main areas:
Security Consultancy
Major Government Department - Test their BCP to ensure that they can survive a range of scenarios, including development of scenarios, facilitating tests and reporting of the tests.
Lloyd's Broker - Development and testing of a business continuity plan to meet the requirements of BS 25999 and their business requirements.
Management consultancy - Development and implementation of a corporate governance and risk management framework. This covered ISO 9001, ISO 20000, ISO 25999, ISO 27001, various legislation and best practice leading to certification - Ongoing
Global Research Company - Policy development for identity and role management
Software Company - Implement ISO 27001, ISO 25999, ISO 9001 and TickIT to enable certification, based in Sweden, and implement an information risk management framework. They passed
National Monetary Agency - Perform ISO 27001 consultancy and develop security architecture framework to get them through certification and implementation of information risk management framework - They passed
International Engineering Company - Gap analysis of their BCP and recommendations for rollout, including performing the work to BS 25999
Insurance Broker - Creation of a BCP, implementing and testing it within the City of London to ISO 25999 standard
Consultancy - Creation of a Data Protection process and performing an audit to the 1998 DPA
University Computer Centre - perform ISO 20000 and ISO 27001 (Service Delivery and Security) rollout for certification. Development of a BCP to support the certification. They passed
Cheque Printer - Perform ISO 27001 consultancy to get them through Certification - along with APACS 55 certification. They passed
Armed Forces (Army and Navy) UK - Training in Information Security for IRCA Certificated Auditor courses. Witnessed course passed by IRCA and so course certified.
List X Company - Audit existing ADS, SSPs and SyOPS, rewrite and align with BS 7799. Redo BCP and other procedures and submit for BS 7799 certification and upgrading to ISO 27001. Passed certification.
Property Company - BS 7799 roll out so that client can achieve certification. Passed certification
Major Government Department - Perform a Gap Analysis against the Departmental security Standards and the ADS for E-business rollout. Advice on updating ADS and Departmental standards.
Smart Card Company - Perform a BS 7799 Gap Analysis, develop a risk register with supporting procedures and BCP creation. Advice and implementation for implementing BS 7799 and other related security issues.
Government Department (Police Organisation) - Perform a BS 7799 Gap Analysis. Stand in as security advisor (PKI and BS 7799) until permanent replacement found. Advice and implementation for ITIL processes and security procedures. Re-write relevant ADS'
P & I Club - Perform a Data Protection audit and make recommendations for compliance.
Rail Infraco - Develop a set of business continuity plans for the Infraco. These covered loss of facilities rather than the traditional 'railway crash' scenarios.
Major City Law Firm - Review current client facing Internet applications from a security standpoint and make recommendations for improvement. This included technical testing as well as management reviews.
International Telco - Perform ISO 17799 Gap Analysis and propose plans for implementation of adequate security to meet requirements of ISO 17799
Certification Body - Perform a number of BS 7799 certification audits for clients who require BS 7799 certification (including a large utility, a local council IT department, a manufacturing facility).
Major City Law Firm - Evaluate requirements for DRP and BCP for London office (main office). Plan and implement both plans and create templates for rollout to the remaining offices (22).
Major ISP - Perform a full BS 7799 pre Certification Audit for the ISP and recommend a way forward.
Research Establishment - Security advisor for major EEC funded Ecommerce project
Major Professional Body - Perform a full BS 7799 pre Certification Audit for the Organisation over a number of sites, and recommend a way forward for certification.
Major Insurance Firm - Perform a full BS 7799 Audit for the firm over a number of sites, and recommend a way forward for certification.
Major City Law Firm - Performing a BS 7799 pre-audit and risk assessment to develop the SoA.
Telco - Developing a BS 7799 rollout for the whole group after doing a pre Certification Audit.
Security Consultancy - Produced and presented a number of training courses for public audiences.
General Insurance Broker - Designed and implemented a Business Continuity Plan with rollout training.
Investment Bank - Designed and implemented Business Continuity Plan to cover the 4 international bank locations (London, New York, Tokyo and Hong Kong) with rollout training.
Lloyd's Broker - Audited a Lloyd's Broker to BS 7799. Designed and implemented a Business Continuity Plan with rollout training.
Forensics
Forensic consultancy is carried out by Forensic Computing Ltd, a trading name for BCRM for its forensic practice
Accidental deletion of files - A consultancy had upgraded its server, which had failed and they had no backup. All their business critical data was held in Microsoft Outlook and had been lost.
Data recovery was undertaken and the files (and the business) were recovered.
False Accounting - A temporary member of staff in a manufacturing company had created a number of bogus invoices and set up a dummy company to process the payments. The member of staff was able to control both the initialisation of the payment and its authorisation.
Forensic examination of the suspect's portable computer indicated that there were none of the suspect invoices present as files but that they had been printed from the portable and that print artefacts existed enabling the actual images of the invoices to be recovered.
Email abuse - A member of staff at a consultancy complained about receiving harassing emails from a number of different email addresses. These were all thought to have come from the same person.
Forensic examination indicated that they had been sent from a single PC, even though they had been deleted from the system and the email addresses spoofed. The emails were recovered.
Lost Email - A lawyer had lost email that was critical to a case and needed to recover this to prove that an exchange of emails had taken place. There were no backups of the system.
Forensic examination recovered enough of the emails to prove the exchange of emails.
Proof of Documents - A law firm acting for a client needed to prove that a given document had, or had not, been created on or before a given date.
Forensic examination of the metadata of the file as well as that of the operating system was undertaken and this supported the claim.
419 Fraud - The police had seized a number of computers and it was required to prove that they had been used in a 419 fraud.
Forensic examination indicated that there were a number of relevant files on the seized computers. More victims were discovered that were previously unknown and, in addition to this, one of the computers, which had been stolen, was found and returned to its rightful owner.
County Police Forces - Perform various forensic recoveries and produce trial packs. Expert witness services as required.
Police Force and a number of specialised Investigation Consultancies - provide computer forensic support and evidential recovery as required. Expert witness work provided as required
Major City Law Firm - Provide computer forensic support and recovered evidence for an insurance investigation.
Business Specific
Advice for Business Start-up - provide advice for HR processes, legal compliance and general business processes for a new business start-up.
FSA Authorisation - assist a number of clients in their application for FSA Authorisation including development and implementation of processes and procedures to support this