Case Studies

BCRM is covered by strict confidentiality terms relating to all of its business; however, the details below will give some idea of the range of different assignments undertaken by BCRM. It works in the following main areas:

Medical Devices Organisation – integrating the requirements of HIPAA into their existing ISO 27001 and ISO 13485 certified systems.  

Financial Clearing House – upgraded their ISO 27001:2005 system to ISO 27001:2013 with a scope expansion, and took them through to a certificate of registration. They passed (Duration 3 months).

International Risk Consultancy – advice on ISO 27001 scope expansion and detailed gap assessment for the revised scope across 4 countries (Duration 6 months).

National Broadcasting Organisation – advice on governance, risk and compliance for a new consumer broadcasting channel, based on ensuring appropriate data custodianship and governance, using ISO 27001 as the benchmark. Reporting to the Launch Director (Duration 3 months).

Telco – Led the Telco to ISO 27001 certification for their smart metering rollout of 53 Million smart meters in 20 Million homes. This included integration of existing disparate systems, including the CAS(T) / PSN backbone and associated infrastructure. Reporting to the CISO. Took them through to an ISO 27001 Certificate of Registration. They passed (Duration 18 months).

Creative Consultancy – provided ongoing advice for their migration from ISO 27001:2005 to ISO 27001:2013 and the integration of ISO 9001 and ISO 20000 into their IMS. Reporting to the IT Director (Duration 3 months).

P&I Club – Implement a governance, risk and compliance process based on ISO 19600 and FCA guidance, and provide training for its implementation. Reporting to the Managing Director (Duration 6 months).

Lloyds Shipping Broker – Work with the Governance and Compliance Director to create an integrated management system for governance, risk and compliance, including the FCA / PRA Handbooks, ISO 9001, ISO 27001, ISO 19600 and BS 10500. Provide training for implementation (Duration 3 months).

Cyber Security Consultancy – Consultant working on management system implementation and auditing (ISO 27001, 9001, 20000, 22301, 17025, 17021) for multiple clients in Financial Services, Telcos, Government and general commerce. Job title was Cyber Security and Governance Specialist; was also the worldwide Lead for ISO management systems (Duration 12 months).

Cloud and Outsource Service Consultancy – Perform ISO 27001 consultancy to get them through Certification by developing an IMS with relevant supporting policies and procedures. Performed the internal audit function, conducting first- and second-party audits and gap analyses for their key suppliers. – They passed (Duration 6 months).

Government Department – created their security management plan, based on ISO 27001 SPF and supporting standards, for the whole department.

Creative Consultancy – Perform ISO 27001 consultancy to get them through Certification by developing an IMS with relevant supporting policies and procedures. Performed the internal audit function, conducting first- and second-party audits and gap analyses. Acted as interim Information Security Officer. – They passed (Duration 12 months).

Telco – Gap analysis of merging major Telcos to identify gaps and recommend remediation for the new joint venture. Work was based on SarbOx, ISO 27001 and PCI DSS compliance (Duration 6 months).

Identity Management Start-up – Develop policies and procedures for a truly integrated peer-to-peer legal interoperability platform. Case studies included Health, XBRL, Law Firms, Smart Metering, Government / Citizen Services and SEPA (Duration 18 months).

National Monetary Agency – Integrate ISO 9001 and ISO 27001 processes into a common IMS, eliminating overlap and streamlining processes. Leave stubs for ISO 20000 and PCI DSS, while covering the relevant parts of them as part of the ISO 27001 rework. Act as Head of Quality, Risk, Compliance and Information Security – They passed Recertification (Duration 6 months).

National Monetary Agency – Perform ISO 9001 consultancy and develop quality management continuous improvement processes to get them through certification, and implement a quality management framework to continuously improve the business. This integrates with the ISMS developed in 2007 and their PCI DSS processes, and forms part of their IMS – They passed (Duration 12 months).

Defence Contractor – Write a security plan for a multi-billion pound security contract for a government department, covering ISO 27001, ISO 9001, JSP 440, HMG InfoSec Standards (ISx, Memos and GPG) and integrated management systems (Duration 1 month).

Data Analytics Company – Perform ISO 27001 consultancy to get them through Certification – They passed (Duration 9 months).

Lloyd’s Broker – Development and testing of a business continuity plan to meet the requirements of BS 25999 and their business requirements (Duration 12 months).

Management Consultancy – Development and implementation of a corporate governance and risk management (GRC) framework. This covered ISO 9001, ISO 20000, ISO 25999, ISO 27001, various legislation and best practice, leading to certification (Duration 18 months).

Global Research Company – Implement ISO 27001, ISO 25999, ISO 9001 and TickIT to enable certification, for a company based in Sweden, together with implementation of an information risk management framework. They passed (Duration 30 months).

National Monetary Agency – Perform ISO 27001 and PCI DSS consultancy and develop a security architecture framework to get them through certification, together with implementation of an information risk management framework – They passed (Duration 12 months).

International Consultancy – Policy, procedure and consultancy advice for Digital Identity management (Duration 6 months).

Consultancy – Creation of a Data Protection process and performance of an audit against the 1998 DPA (Duration 6 months).

University Computer Centre – Perform ISO 20000 and ISO 27001 (Service Delivery and Security) rollout for certification, including development of a BCP to support the certification. They passed (Duration 12 months).

Armed Forces (Army and Navy) UK – Training in Information Security for IRCA Certificated Auditor courses. The course was witnessed and passed by IRCA, and so certified (Duration 1 week).

List X Company – Audit existing ADS, SSPs and SyOPS, rewrite and align them with BS 7799 and ensure compliance with IS1/2, GPGs and other relevant CESG guidance. Redo the BCP and other procedures, submit for BS 7799 certification and upgrade to ISO 27001. They passed (Duration 6 months).

Investment Bank – Compliance audit including SOx, GLB, PCI DSS and BS 7799, with recommendations for closing the gaps identified (Duration 3 months).

Cheque Printer – Perform ISO 27001 consultancy to get them through Certification, along with APACS 55 certification. They passed.

Rail Infraco – Develop a set of business continuity plans for the Infraco. These covered loss of facilities rather than the traditional ‘railway crash’ scenarios.

Major City Law Firm – Review current client facing Internet applications from a security standpoint and make recommendations for improvement. This included technical testing as well as management reviews.

Major City Law Firm – Evaluate requirements for DRP and BCP for the London office (main office). Develop and implement both plans and create templates for rollout to the remaining offices (22).