Service Finder

Check out our service finder to help find the right service for you.

Need some help?

Speak to an expert. Contact our "Factory Foreman" and he can answer any questions you may have.

Call us at: 0800 978 8139

Let us help you

Security governance, risk and compliance services can be confusing. What do you do first? What do you do after that? It's not always clear. To help you find the right service at the right time, we have broken them down into three logical steps:

Step 1: Identify the Risks

The place to start is at the beginning: first identify and quantify the threats to your information. Risk Factory offers the following services to help you do this:

Information Security Threat & Risk Assessment

An Information Security Threat and Risk Assessment is the process of defining, locating and categorising the information assets associated with your business, determining the security threats and vulnerabilities associated with those assets, and mitigating those threats in line with your business goals.

PCI Compliance Gap Analysis

A PCI Compliance Gap Analysis is usually the very first step you take to understand your current compliance status. It provides a detailed comparison of what your business is currently doing against what it should be doing to be compliant with the PCI DSS regulation.

DPA Compliance Gap Analysis

A DPA Compliance Gap Analysis is the starting block for your data protection compliance efforts. It provides a detailed comparison of what your business is currently doing against what it should be doing to achieve compliance with the United Kingdom Data Protection Act legislation.

ISO-27001 Compliance Gap Analysis

An ISO-27001 Compliance Gap Analysis is the process of identifying what your business is currently doing to protect its information assets and comparing that to what it must do to be compliant with the ISO-27001 Information Security Management System (ISMS) standard.

Network (External) Security Vulnerability Assessment

Using special scanning software, a Network Security Vulnerability Assessment identifies security weaknesses such as configuration flaws, excess builds, missing security patches, updates or fixes, and programming errors on your internet-facing systems.

Network (Internal) Security Vulnerability Assessment

Using special scanning software, this Network Security Vulnerability Assessment identifies the security configuration weaknesses and flaws on the internal devices deployed on your system.  

PCI ASV Security Vulnerability Scanning

PCI ASV Security Vulnerability Assessment Scanning is the process required to identify security vulnerabilities associated with the exterior-facing Internet Protocol (IP) addresses of the Card Data Environment (CDE) on your network.

Website Security Vulnerability Assessment

A Website Security Vulnerability Assessment is the method for identifying security holes, flaws and weaknesses associated with your website.  

PCI Website Vulnerability Assessment

A PCI Website Security Vulnerability Assessment is the method for identifying application-level security holes, flaws and weaknesses associated with a website that processes, stores or transmits cardholder data.

Website Security Penetration Test

A Website Security Penetration Test is the method for evaluating the security integrity of your website by simulating an attack from a hacker.  

Network Security Penetration Test

A Network Security Penetration Test evaluates the effectiveness of your network security by simulating an exterior attack from a hacker. 

PCI Website Security Penetration Test

A PCI Website Security Penetration Test is the method for evaluating the security integrity of a website that processes, stores or transmits cardholder data by simulating an attack from a hacker.

PCI Network Security Penetration Testing

A PCI Network Security Penetration Test is the method for evaluating the security integrity of a network that processes, stores or transmits cardholder data by simulating an attack from a hacker.

Cloud Security Assessment

A Cloud Security Assessment is the process of identifying vulnerabilities such as configuration flaws, excess builds, missing security patches, updates or fixes and programming errors on the systems comprising your cloud platform.  

Cyber Essentials

Cyber Essentials is a certification scheme that has been developed by the Government and industry to help protect organisations against common online attacks. Cyber Essentials is mandatory for central government contracts advertised after 1 October 2014 which involve handling personal information and providing certain ICT products and services.

Cyber Essentials Plus

Cyber Essentials is a certification scheme that has been developed by the Government and industry to help protect organisations against common online attacks. Cyber Essentials is mandatory for central government contracts advertised after 1 October 2014 which involve handling personal information and providing certain ICT products and services.


Step 2: Minimise the Risks

Having identified the threats to your information, you should then address them appropriately. Risk Factory offers the following services to help you do this:

Information Security Consulting

Risk Factory will supply a certified and experienced information security risk management professional to assist you with your requirements on either a day or project rate basis.  

Information Security Policies

Information Security Policies provide a comprehensive baseline for identifying what must be done in your organisation to protect your business information assets. Good policies are simple, pragmatic, and should be clearly communicated to your employees from the top down. 

PCI Security Policies

The PCI Security Policies provide a comprehensive set of documents that identifies what must be done in your organisation to protect the credit and debit cardholder data your business processes, stores or transmits.  

DPA Security Policies

DPA Security Policies provide a comprehensive document that identifies what must be done in your organisation to protect the personal and sensitive information you process. Good policies are simple, pragmatic, and should be clearly communicated to your employees from the top down.  

Application Secure Coding Guidelines

Application security coding guidelines are published step-by-step procedures used for developing robust code for business-critical applications such as CRMs, websites and shopping carts.


Step 3: Manage the Risks

Having addressed the risks, you then need to stay on top of them. This is done by routinely implementing the services in Step 1 and the applicable remediation and policy updates in Step 2, and then by educating your employees on the risks and the policies in place to address them. Risk Factory offers the following services to help you do this:

Information Security Awareness Training

Information Security Awareness Training is a process to ensure that your employees realise the risks to your business information and understand and accept their specific responsibilities for protecting it.  

PCI Security Awareness Training

PCI Security Awareness Training is the continuous process to ensure that your employees understand the security risks to the credit and debit cardholder data that your business processes, stores or transmits and the minimum requirements for its protection.

DPA Security Awareness Training

DPA Security Awareness Training is a continuous process to ensure that your employees understand the risks to the personal and sensitive identifiable information that your business processes, stores or transmits.

Cyber Security Insurance

What is it?

Cyber insurance is a risk transfer product that protects your company from a wide range of cyber and electronic risks and third party exposures including:


If you still need more help, visit the Frequently Asked Questions or Help & Support or speak with our Factory Foreman at: 0800 978 8139