Risk Management
Managing Uncertainty
Risk management is intrinsic to any organisation's strategic management and should be considered a core business process that is reviewed and updated on a regular basis. It enables an organisation to identify the potential risks it faces, analyse the potential impact of those risks and then work out the best way to address that impact.
A sound risk management strategy will not eliminate risk altogether, but it will aid an organisation in managing risks, enabling it to maximise opportunities and minimise any unfavourable effects.
At NCC Group, we can help you to understand the risks your organisation faces, the regulatory requirements placed upon it surrounding IT, information security and corporate governance, and the implications of non-compliance.
We work with organisations to:
- Establish what risk processes are currently in place and whether a risk definition guideline has been introduced;
- Identify the organisation's risk appetite, the assets at risk and their owners;
- Gain a clear view of the risks by interviewing the risk owners, and prioritise those risks that sit above the risk tolerance threshold;
- Assist with the development of remediation plans aimed at bringing the residual risks below the risk tolerance level;
- Guide and support the organisation's staff through the remediation process.
With extensive experience of translating regulatory and legislative drivers such as the Government Security Policy Framework, the Data Protection Act and the Freedom of Information Act into practical, relevant steps, we help to ensure that risk management and compliance with regulations and guidelines become a business issue central to the effective governance of your organisation.
We frequently conduct risk assessments and risk treatment exercises as part of wider information security programmes for our clients.
Our team of risk management consultants are trained in, and can utilise, well-known information risk management systems such as CRAMM (CCTA Risk Analysis and Management Method) and EzRisk. We hold our own copy of both and have a number of consultants with a wealth of experience in their application. We employ CLAS (CESG Listed Adviser Scheme) consultants, which allows us to assist Government clients in managing information risk using HMG InfoSec Standard No 1 / No 2. We also undertake Data Handling Review and InfoSec Standard No 6 audits using our two auditors, who qualified after training with CESG in IS6.
When working with clients to achieve compliance or certification against ISO 27001, the information security management standard, we use a risk assessment and risk mitigation process directly derived from the ISO 27005 information security risk management guidelines. As experienced providers of information risk services, we also offer our clients the option of using the OCTAVE methodology.