Our Services

Our Services — The Service Proposition Optic

Prism RA — new name, experienced people.

Prism RA has an established suite of services which are pragmatic, appropriate and affordable for our clients, whether they are an SME, public sector organisation, or Corporate. Our services are designed to help our clients achieve their business goals, without unnecessary costs, or unwarranted technological solutions. 

Information and IT Governance

Gartner describes IT Governance as the processes that ensure the effective and efficient use of IT, enabling an organisation to achieve its business goals.

Prism RA has devised a structured approach to help our clients improve their approach to Information and IT Governance. We help you to understand your technology and cyber risks and needs, and how these risks could impact your business objectives and, therefore, your profitability!
Do you need assistance with:
  • Establishing an Information Governance framework (such as COBIT®);
  • Understanding your business risk of using technology and establishing an IT risk management process, aligned to the organisation’s Enterprise Risk Management Process;
  • IT strategic planning and alignment to the organisation's business goals and ambitions;
  • Change management of infrastructure, information systems and data; and
  • IT Service management and delivery, to global industry standards (such as ITIL).

Cyber & Information Security — Business Protection

Any organisation, no matter its size, complexity, or business sector, has a responsibility to protect the information it collects, processes and stores relating to its customers, business partners and employees, as well as protecting its own valuable intellectual property.

Prism RA's services are designed to help its clients manage their security needs and to implement countermeasures which meet their business and regulatory requirements. Our holistic approach to cyber security consists of a blend of protective elements:
People
People, in security terms, are often referred to as the weakest link. Well, why not make them your strongest defence?
Process
For People to do the right things, in the right way and to do them well, Processes need to be well defined. 
Technology
Our trusted Technology partners bring pragmatic and innovative solutions, helping to effectively protect your business.
People
  • Recruitment and vetting procedures, including Human Recon;
  • Culture Change — changing behaviours to a security aware culture;
  • Education & training;
  • Ongoing awareness.
Process
  • Information security policies and procedures;
  • Preparing for:
    • ISO 27001 certification;
    • NIST CSF (Cyber Security Framework);
    • Cyber Essentials;
    • PCI DSS;
    • UK Data Protection Act 2018 (GDPR);
  • Incident management and response; and
  • Business continuity/disaster recovery management, including ISO 22301 and BS 25999.
Technology
  • Penetration testing — using “ethical hacking” techniques to test IT perimeter and internal security, as well as social engineering;
  • Automated Penetration Testing;
  • SOC as a Service;
  • Threat Intelligence;
  • Human recon;
  • Continuous breach detection; and
  • Secure email.

Third Party / Supply Chain Assurance

Technology is at the heart of business operations and organisations are using (and therefore relying upon) an array of third party suppliers to help deliver these solutions.
Organisations often don't have a clear understanding of who their key suppliers are in the end-to-end supply-chain and their impact on the control environment. Do you understand how your suppliers are managing their risks and yours? Have they implemented appropriate governance and controls to ensure the products and services are provided in accordance with your standards?
Furthermore, regulations such as GDPR and the requirements of PCI DSS require organisations to effectively manage their business relationships.
Do you need assistance with:
  • comprehensive risk assessment of the key suppliers in the supply chain;
  • new supplier assessment and due diligence;
  • ongoing third-party supplier assurance assessments; and
  • third-party assessment tools.

Programme/Project Assurance

There have been many well-publicised projects which have ended in disaster due to mismanagement of the implementation of new IT systems. Prism RA can help to improve the chances of success by providing independent assurance and critical challenge throughout the end-to-end programme/project lifecycle, to ensure that the programme/project is being effectively managed.
Prism RA’s services include the following:
  • selecting the right solution for the organisation’s business needs;
  • independent review of the current status of a programme/project;
  • programme/project recovery;
  • programme/project governance;
  • use of methodologies (such as PRINCE2; MSP; Agile);
  • programme/Project Board coaching and mentoring;
  • programme/project risk management;
  • programme/project reporting; and
  • establishment of a Project Management Office (PMO).

IT Audit/Assurance

Good governance requires regular independent compliance and assurance. Prism RA undertakes a wide range of compliance and assurance reviews to help organisations to assess their management control capability and operating effectiveness, and to provide independent reporting to senior management, audit committees, etc. 
Prism RA services include:
  • Provision of an IT internal audit service, or resources for a specific audit assignment;
  • Office 365 Email Threat Assessment;
  • Building, implementing, and assessing the IT Controls Framework;
  • Managing shadow/grey IT;
  • PCI DSS assessment;
  • Programme/Project assurance;
  • Compliance with ISO standards, such as: ISO 27001/02; ISO 38500; and ISO 31000;
  • UK Data Protection Act 2018, including GDPR compliance assessment;
  • SOx management controls testing;
  • Independent Attestations, e.g. SOC 2, ISAE 3402 etc.;
  • SOC Assurance: is your SOC working effectively and as you expect?; and
  • Training, classroom and “on the job” skills transfer.

Data Analytics & Digital Forensics

Data, Information, Knowledge and Intelligence are the lifeblood of any organisation. 

We help businesses get more from their data. This includes:
  • providing training in various tools;
  • data mining and analytics, to provide information to help management make effective business decisions;
  • assisting audit, risk, compliance, IT, finance and fraud prevention departments, to get more insight from their data; and
  • digital forensics, providing evidential capture, analysis and expert witness reporting of electronic devices including phones, laptops, servers, etc.

Software Tools

Do you have an effective method to capture and monitor your governance and risk frameworks? We provide Galvanize HighBond and Prism GRC as tools to help our clients centralise their risk management processes.
Enterprise
  • Galvanize HighBond
HighBond is an end-to-end enterprise platform, to create stronger security, risk management, compliance, and assurance. It connects these professionals with the answers that drive change—so they can work better together and protect the organisation.
SME/Middle Market
  • Prism GRC
Provides an entry-level GRC solution, which is intuitive, easy to use and at an affordable price point. Start with the assessment module and build your way up to a full GRC solution.