Services

From security and continuity frameworks to regulatory compliance and advisory, Xiphos provides a focused portfolio of services for organisations that need reliable security and resilience.

ISO 27001 Implementation and Consulting

We help you design, implement and maintain an information security management system aligned with ISO 27001, sized correctly for your organisation and risk profile.

Implementation

  • Initial gap analysis and scoping
  • Risk assessment and treatment planning
  • ISMS policies, procedures and controls
  • Support for implementation and rollout
  • Preparation for certification audit

Consulting and ongoing support

  • Internal ISMS audits and health checks
  • Support for surveillance and recertification audits
  • Advisory on improvements and new risks
  • Training for management and staff

ISO 42001 AI Management System

ISO 42001 provides a framework for governing AI responsibly. We help you design an AI management system that aligns policies, controls and monitoring with the risks in your AI use cases.

Implementation

  • Scope definition across AI systems, models and suppliers
  • AI risk assessment, governance model and control mapping
  • Policies for data quality, transparency and accountability
  • Procedures for model development, validation and release

Consulting and oversight

  • Internal audits focused on AI controls and documentation
  • Assurance support for EU AI Act and sector expectations
  • Training for product, engineering and compliance teams
  • Improvement roadmaps and evidence for certification

ISO 22301 Business Continuity

Resilient organisations understand which processes and assets are critical and how to keep them running during disruption. ISO 22301 provides a proven framework for this.

Implementation

  • Business impact analysis and risk context
  • Continuity and recovery strategies
  • Plans for crisis management and communication
  • Exercises and scenario-based tests

Consulting and exercises

  • Review of existing continuity arrangements
  • Facilitated tabletop and simulation exercises
  • Improvement roadmaps and prioritised actions
  • Integration with risk, security and compliance

NIS2, DORA and GDPR Compliance

New regulations such as NIS2 and DORA increase expectations on governance, risk management, incident reporting and third-party oversight. We help you understand what is required and implement it in a practical way.

NIS2

  • Scope, applicability and impact analysis
  • Gap assessment against NIS2 requirements
  • Implementation roadmap and prioritisation
  • Support for incident reporting processes

DORA

  • Assessment of DORA obligations for financial entities
  • ICT risk management framework design
  • Digital operational resilience testing support
  • Third-party and ICT service provider governance

GDPR

  • GDPR gap analysis and remediation planning
  • Support for data mapping and records of processing
  • Data Protection Impact Assessments
  • Privacy notices, policies and staff training

CISO and ICT Risk Advisory

For organisations that need senior guidance but do not require a full-time CISO, Xiphos provides fractional CISO and ICT risk advisory services.

Advisory focus areas

  • Security and risk strategy aligned with business goals
  • Governance, reporting and board communication
  • Support during incidents, crises and audits
  • Mentoring for internal security and IT teams

Engagement models

  • Retainer-based advisory with regular sessions
  • Project-based support for major initiatives
  • Workshops for leadership and key stakeholders

Audits and Health Checks

Independent audits and health checks provide an objective view of your current security, continuity and compliance status.

  • ISMS internal audits and pre-certification reviews
  • Business continuity and resilience assessments
  • Risk management framework reviews
  • Supplier and third-party risk evaluations

Get a clear picture

Use an audit or health check to understand where you stand and where you need to improve.