Our Process

A simplified way to address your governance, risk and compliance issues

Need some help?

Speak to an expert. Contact our "Factory Foreman" and he can answer any questions you may have.

Call us at: 0800 978 8139

Factory Fact

One in three employees have taken or forwarded confidential information out of the office on more than one occasion

Let us explain our process:

Information risk management has become essential for any business on the planet that processes, stores or transmits data. Why? Because we now live in a world where all data has intrinsic financial value.

It’s no longer just about protecting financial transaction data from hackers. Customer databases holding personal and sensitive data are now priority targets. It’s rightly said that data is the oil of the information age.

Data is now a business asset. Businesses that process information without understanding its inherent value and fail to implement appropriate safeguards have found themselves targets of hackers.

But where do you start? Like anywhere else – you start at the beginning. Effective information risk management is a process that begins with answering the following three questions:

  • What are you trying to protect?
  • Why are you trying to protect it?
  • What will happen if you fail to protect it?

Be sure of your answers. Take your time. Get them right. Because they will define your business's information risk management priorities and objectives.

Only after you understand what information assets you have to protect, and the reasons why, can you establish a system to manage the risk associated with losing them.

At Risk Factory we advocate a simple 3-step approach helping you to identify, minimise and manage the risks to your business.

Our straightforward explanations and icons will help you to find the information you need and understand where your journey may start.

Let us introduce you to our icons:

Step 1: Identify: The first step is to “identify” as many of the security risks to your information assets as you can. This is done by conducting an information security threat and risk assessment, followed by activities such as vulnerability scanning and security penetration testing of the network to find the specific security weaknesses on the devices hosting your information assets. Risk Factory services designed to help you identify risks to your business information assets are indicated by our “Goggles” icon.

Step 2: Minimise: Once you have conducted a gap analysis of your business to identify the risks, the next step is to implement a framework of controls to minimise the threats to these information assets. This is usually done by aligning your security controls to a compliance standard or best practice framework such as PCI, GDPR or ISO-27001. You will then need to lay out a prioritised roadmap of the things you need to fix to meet the framework. Risk Factory services designed to help you minimise risks to your business information assets are indicated by our “gloves” icon.

Step 3: Manage: Finally, when all policies, processes and plans are implemented to ensure you meet the information security standards you've set for the company, you need to implement a security awareness program for your employees to ensure they are trained to understand the importance of information security to your business. Risk Factory services designed to help you manage risks to your business information assets are indicated by our “hard hat” icon.

Factory Foreman

Let us introduce our Factory Foreman who is here to answer any questions you may have and guide you to the information you need.

Don’t hesitate to give him a call and ask him any questions you may have regarding the process or an applicable service. That’s his job.