Tekgem GRC
Governance, Risk & Compliance
Our tried and tested methodology is split into 5 stages, enabling you to understand and manage cyber risks with respect to safety, essential business operations and your regulatory obligations.
01 Cyber Security Health Check Assessment
Our industrial cyber assessments lay the foundations for managing security risks efficiently and effectively. We publish an initial briefing document which details the assessment scope, agenda, timelines and deliverables. We also supply a questionnaire and carry out an information gathering exercise so that when we arrive on site for the actual assessment, we already have a thorough understanding of your people, processes and technology. Whilst on site, the assessment will involve time speaking to your team to understand your governance with respect to managing risk. We will then take a deep dive with supervised access to your infrastructure and systems. Once the site visits are concluded, we prepare and publish a detailed output report.
SITE VISIT
Elements included in the health check:
- Policies & Procedures including any standards or frameworks you follow
- Network Access including routing, switching and firewalls
- Endpoint Protection including antivirus and associated technologies
DETAILED OUTPUT REPORT
This includes:
- Executive management summary
- Feedback on the effectiveness of the current environment – what’s working well, what has not worked, what could be done better, what you’re currently not doing and should be, etc.
- Set of detailed recommendations for improvements if & where required with associated priority and fix ratings
It is important to conduct the IACS Health Check at the start of our engagement so that we can understand your people, processes and technology in detail. This helps us to develop a roadmap with clear milestones for any additional stages you may need in order to secure your environment as fully as possible.
02 Cyber Security Management System
To manage cyber security effectively, it is widely recognised that having a formally documented CSMS is a key governance component. Tekgem have successfully developed a cyber security management system that we individually tailor to each customer and their organisation.
Tekgem’s CSMS is aligned with the HSE OG-0086 and the NCSC CAF and consists of 14 policy documents for the management of cyber security in your environment. Each policy is aligned to one of the four core objectives (managing security risk, protecting against cyber attack, detecting cyber security events, and minimising the impact of incidents) and is tailored to fit your people, processes and technologies.
03 Cyber Security Risk Assessment
Tekgem have developed a risk assessment methodology that aligns with IEC62443 international standards and HSE COMAH & NIS regulations.
There are numerous definitions of risk, depending on the entity defining it, yet they all tend to contain several common elements. The definition aligned with the concepts of risk applied to industrial cyber security is from the International Organization for Standardization (ISO), which defines risk as “the potential that a given threat will exploit vulnerabilities of an asset … and thereby cause harm to the organization.” This definition shows that risk is a function of:
- The likelihood of a given Threat Event
- Exercising a particular “potential” Vulnerability of an asset
- With resulting Consequences that impact operation of the asset
Once the risk assessment exercise is complete, we prepare and publish a detailed and comprehensive risk assessment report to demonstrate both business and regulatory compliance.
04 Transformational Projects
As a technology company first and foremost, we have extensive engineering skills and experience designing and implementing secure solutions. We are able to plan and deliver recommended improvement activities that match your new cyber security policies & standards based upon your key priorities.
Typically, this work is broken out into defence-in-depth transformational projects that deliver specific solutions to improve your cyber security capabilities:
- Secure Remote Access
- Secure System Configuration Implementation
- Centralised Endpoint Protection infrastructure
- Centralised Backup, Recovery & Disaster Recovery Solutions
- Security, Health & Performance Monitoring
- Secure File Transfer Systems between IT/OT
We are vendor agnostic and as such work with a whole host of different vendors to provide the best solution for you. From our extensive experience we have also developed our own products to fill the gaps that other vendors couldn’t. For secure file transfer see Tekgem Shield, and for security monitoring see Sentinel.
05 Continuous Improvement
We are able to provide ongoing operational support and continuous improvement activities as a valued partner to your organisation. Whether you prefer us to look after all of your cyber security operations as a fully managed service or to work together with your internal teams, we are flexible enough to provide tailored packages to meet your requirements.
For more information see our Tekgem Loop page.