The Group provides a number of services and products that broadly fit into three divisions: (i) Training; (ii) Consultancy; and (iii) Publishing and Distribution.
The Group sells classroom-based training courses related to data protection, cyber security, ISO 27001 certification and related topics. The courses range from one to five days in length and are held at hired premises. Most delegates attending courses are doing so as part of their employment and at their employer’s expense. The Group also provides courses at customers’ premises for organisations that require training for a number of their employees. The courses are aimed at various areas of IT governance and at different skill levels. In relation to ISO 27001, for example, courses range from an introduction to ISO/IEC 27001 through to becoming a lead implementer or lead auditor.
Prior to 1 April 2017, courses were predominantly held in the UK, although there were a number of overseas delegates on UK courses and other courses were held via a live webinar to a domestic and international audience. Since 1 April 2017 the Group has held courses in Eire, France, Belgium, the Netherlands, Sweden, Denmark, Germany, Italy and the USA.
In addition to “in person” based training, the Group also provides online training, e-learning courses, and examinations that are required to obtain certification.
The Consultancy Division was established as a result of requests from delegates at training courses for practical assistance in designing and implementing data protection and cyber security policies and procedures for their businesses. The range of consultancy services and products supplied by the Group has grown over the years to meet the demands of clients. The consultancy services provided by the Group include (i) GRC Consultancy; and (ii) Technical Services.
- The Consultancy Division provides on-site and remote support helping organisations to design and implement data protection and cyber security policies and procedures, including preparation for and ongoing compliance with GDPR and achieving and maintaining ISO 27001 certification.
- Technical Services provides a range of services and products including:
  - penetration testing, where the Group carries out an authorised simulated attack on a customer’s IT systems to test the effectiveness of the systems and procedures and to identify any weaknesses;
  - PCI DSS assessments: the Payment Card Industry Data Security Standard applies to all organisations worldwide that transmit, process or store payment card data, and requires such organisations to have their data protection and cyber security systems tested regularly; and
  - Cyber Essentials certification and consultancy, where the Group provides an accredited certification service through an online portal that helps organisations of all sizes become certified to the UK government’s Cyber Essentials scheme.
The Group attracts most of its consultancy customers as a result of online searches carried out by the customer, or via training courses, recommendation or a relationship that has developed over a period of time.
Publishing and Distribution Division
The Group sells books, documentation templates and software via its websites, both those it publishes or writes itself and those supplied by third parties.
Most of the books sold by the Group relate to how businesses should manage their IT risk exposures or to standards published by various bodies. The Group at present publishes 145 books and pocket guides. The Group commissions authors to write books on subjects where, on the basis of feedback from clients or knowledge of the markets in which the Group operates, it believes there will be demand. The Group also sells titles published by third parties including: IEC; the British Standards Institution; the Stationery Office; John Wiley; ISACA; Van Haren and Rothstein.
In addition, the Group creates and sells 37 documentation templates that are used by customers to assist them to document their IT systems and procedures.
The Group also creates and sells software solutions through its subsidiary, Vigilant Software Ltd, which also forms part of the Publishing and Distribution Division. One of the Vigilant software tools, VsRisk, provides a program for identifying and recording management decisions relating to the information security risk levels within an organisation. The Group has also developed two more recently launched software offerings: a compliance management tool and a data flow mapping tool.
The majority of the Publishing and Distribution Division’s sales are online and require limited human intervention. The Group generates sales through the use of key words and a limited amount of “pay per click” advertising through online search engines.