Aston Information Security

About Aston Information Security

Aston Information Security offers information security solutions and services to public sector government and healthcare organisations. Our experienced consultants design, deliver and implement strategies in Governance, Risk Management, Compliance, Public Services Network, Supply Chain cyber security and data protection. We offer risk-based information security solutions to address uncertainty and help organisations act with integrity.

We also provide information security audits, including helping public sector organisations to prepare for ISO 27001, the information security management standard. We have a vast amount of experience in auditing and monitoring supply chain and third-party supplier companies, where vulnerabilities are often found. Using Open Source Intelligence (OSInt) as part of the research, we profile the cyber risk exposure suppliers can create.

Our wealth of expertise derives from our work with multiple customers and partners in the public sector, such as government security organisations, NHS trusts, third-party companies, police forces, and local government authorities. We have worked with police databases, consulting on compliance for some of the most sensitive data sets in the United Kingdom, and have partnered with local governments to train staff on policy, security and legislation. We wrote the Information Security Management System (ISMS) for the UK's largest outsourcing company in order to attain their Public Services Network (PSN) certificate. We are among the UK's most experienced infosec businesses working in healthcare, collaborating with over 50 NHS Trusts so far in information governance, security advice and auditing. In addition, we have audited their Commercial Third Parties (CTP) and business providers and provide consultancy on the NHS Data Security and Protection Toolkit (DSPT).

We are an information security partner that you can trust.

Our approach

The way we work helps us to provide versatile, proven and effective guidance to public sector entities on risk evaluation, response and management. We will work with you to assess the level of risk exposure and to implement suitable solutions.

We provide robust and comprehensive services and solutions by combining the required and essential core technical skills with years of experience in ensuring the security of information.

Our Services

Boards of directors and executive management have a responsibility to be informed of the most prevalent and persistent information and cyber threats and to protect the information assets of the company. Risk is calculated from a combination of the probability of an incident occurring and its effect should it occur. Aston Information Security helps organisations control their risks by mitigating, though not necessarily removing, threats and optimising opportunities. Our expert and highly experienced audit team works with companies to understand what assets are essential to them, what degree of risk exposure they are vulnerable to, and how to reduce that exposure.

IT Governance ensures investments in IT support the organisation's business objectives, aligning IT and business strategies. IT Governance provides a framework for best practice and controls within an organisation and generally sits under Governance, Risk Management and Compliance (GRC). We help organisations build and implement these frameworks to ensure compliance.

We help your organisation to gain assurance in its level of compliance with legislation, such as GDPR, while avoiding huge costs in fines and negative publicity. Our services help organisations to understand their level of compliance with the legal and regulatory aspects of Information Management and, where necessary, offer training and awareness courses for staff.

We provide a wide range of both strategic and operational data security services to help you provide information assurance including:

  • Information Security
  • Risk Management/Analysis
  • Governance, Risk Management, Compliance (GRC)
  • Public Services Network (PSN)
  • NCSC Cloud Principles
  • 3rd party supplier/vendor due diligence, auditing, monitoring and risk management
  • Open Source Intelligence (OSInt)
  • The ISO 27000 Suite of standards
    • ISO27001
    • ISO27002
    • ISO27005
    • ISO27018
    • ISO27031
    • ISO27035
    • ISO27701
    • ISO31000
  • NHS Data Security and Protection Toolkit (DSPT)/NHS Information Governance
  • Cyber Essentials
  • Network and Information System Directive/Regulations (NIS Directive) (NIS Regulations)
  • Effectiveness Monitoring
  • GDPR/Data Protection
  • National Institute of Standards and Technology: Protecting Controlled Unclassified Information (NIST 800-171)
  • Business Continuity and Disaster Recovery (BCP/DR)
  • Auditing and consulting
  • PCI - DSS
  • FCA

Contact us for a consultation or visit our website for more information about us.

01273 252827