A company’s Information Security Management System (ISMS) should support its business strategy, not constrain it. We put the strategic needs of our clients’ businesses first, determining the scope of the company’s ISMS so that its boundaries are clearly defined and the ISMS supports the business’s long-term goals.
At Brier & Thorn, we treat IT risk management as an integral and potentially differentiating component of a business, not a cost center. We help clients transform their organizations by designing, building, testing, and implementing a formal information security management system that keeps pace with consumer expectations for the privacy and security of their data, maximizes value in turnaround situations, and ultimately produces IT risk management operating models that make our clients more agile.
A short primer on the ISO 27001:2013 implementation process from beginning to end.
We help clients confidently identify and treat risks to their IT assets, ensuring their ISMS is agile and effective. Whether the improvement model is the Deming (Plan-Do-Check-Act) cycle, Lean Six Sigma, DMAIC, or DMADV, we equip clients to cut through the noise of fleeting information security technology trends and create enduring results that focus less on the technology and more on the people behind it.
Our team includes risk management professionals, certified ISO 27001 Lead Auditors, and Six Sigma Black Belt Project Managers who have completed more than 120 projects across 71 countries. We draw on this global experience to help solve our clients’ most complex risk management challenges, including how to design, build, test, and implement an ISO 27001 ISMS.
Our experts are thought leaders in IT risk management who are especially adept at helping companies rebuild their ISMS after major business transformations, such as divestitures, M&As, or re-inventions of their risk, audit, and compliance organizations to become more nimble and agile.
We bring a multidimensional array of IT risk management capabilities that help our clients address four key elements of their IT risk management programs:
IT Risk Management Strategy. IT risk management is the application of risk management methods to information technology in order to manage IT risk. We help clients whose security control frameworks have been fragmented by turnover among IT security leaders, each of whom layered new controls into the environment with no clear control objective. These clients have grown tired of partially implemented, disjointed controls that go unmonitored and remain incongruous parts of a necessary whole because they were adopted to follow a trend. Together, we design, build, test, and operationalize an ISMS strategy aligned with the needs of the business.
ISMS Program Improvement. An underperforming ISMS that does not produce the metrics needed for continual improvement can negatively impact business performance. We work with companies seeking to address the inefficiencies of their ISMS, not only to reduce waste but also to improve and develop capabilities that enable secure innovation and agility.
IT Risk Management M&A. Synergies in enterprise risk are key to successful mergers, acquisitions, divestitures, and separations, but too often they are overlooked early in planning. We have extensive experience in the divestiture and separation of companies, from initial planning through ISMS program separation. We help companies design, build, test, and implement the changes to their IT risk management program needed to accommodate changes in business structure.
IT Risk Management Project Effectiveness. We help clients maximize the business results of major risk, audit, and compliance initiatives, including turnaround programs. We help executives evaluate the case for IT security control investments, set up projects for success, or put current projects back on track, so that they capture value when implementing new security controls to protect the confidentiality, integrity, and availability of the enterprise’s IT assets.
Rebooting the ISMS. Many companies face a mismatch when it comes to the ability of their risk management or IT security teams to fulfill increasing customer expectations. Our experts help companies transform legacy risk, audit, and compliance programs into operationalized information security management systems designed to enable the business.
We share our clients’ ambitions, working to understand their reality and deliver real results, focusing on strategic decisions and practical actions. We align our incentives with our clients’ objectives so they know we are in this together as a closely held partnership.
Manufacturer builds confidence with utility companies by retaining Brier & Thorn as its new MSSP to build an ISMS program, achieve ISO 27001 certification, and successfully complete a SOC 2 Type 1 attestation.
Transworld Systems, Inc. is retained by Platinum Equity and Answerport, in its divestiture from Expert Global Systems, to build a new ISO 27001:2013 ISMS, complete a SOC 2 attestation, and meet PCI DSS Level 1 service provider compliance.