
A few of the questions we are asked most often:

“How many staff do you have?”

We work with carefully selected associates, who bring the most appropriate skills and experience to every project.
Thus, we are able to call on a very large reservoir of staff, with diverse skill sets.

 

“Do you only handle large projects?”

No.
Although we define, develop and deliver major government and commercial systems, applying Resilience and Security, we offer the same services to small and medium-sized operations.
We provide infrastructure design, structured cabling, security policies and a wide range of support services.

 

“How do you define Resilience?”

Underpinning business-critical operations and systems so that they can survive damage or failure and continue to deliver all, or selected parts, of their services without interruption.
Prevention is better than cure; the system should have resilience designed into it from Square One. There should be no single points of failure.
A less costly alternative is to apply resilience to key items in the end-to-end system.
Whether systems and processes must be ‘always there’, 24/7, or can have a certain amount of ‘down time’ is, ultimately, a business decision.

 

“What is the difference between Business Continuity and Disaster Recovery?”

Business Continuity ensures the security, availability and integrity of key business processes, systems and information.
It involves decision-making at the highest level, in order to prioritise the restoration of services, should they fail.

Disaster Recovery is the process by which Business Continuity is achieved. It requires careful planning and close co-ordination between suitably qualified professionals.

 

“How do you approach risk?”

There is no such thing as a totally risk-free activity.
An attempt to eliminate risk may outweigh the value of the system(s) you are seeking to protect.
Having identified the risks, it is then a business decision whether to mitigate, manage, or accept them.
Risk Management is a continuous business. Circumstances change during the evolution of any process and system. Many that start as small back-office operations become crucial to the survival of the enterprise, yet risk management and business continuity are still neglected.
Our experience includes 50+ government accreditations. We are ISO27001/ISO17799 implementers and lead auditors.

 

“What is your approach to security?”

We see it as a fundamental business enabler.
Security oversight, Information Assurance and logical/physical security services should be handled at the highest, i.e. board level.
At the process and system level, this responsibility is linked to an audit function – though they are not the same – and should result in certifiable systems. Typical government and commercial standards include:

  • Government Security Accreditation in accordance with HMG standards
  • Certification to ISO27001 and ISO17799
  • Compliance with ISO27001 and ISO17799
  • Certification to an ITSEC or Common Criteria Assurance level
  • Compliance with 'Commercial Best Practice' - which varies between industries
  • Compliance for connection to the Government Secure Intranet (GSI) standards

 

“I bought a virus checker with my new system. Why am I still getting viruses?”

Several thousand new viruses – properly known as malicious codes – are designed and released each week.
There is an entire industry devoted to providing anti-virus products. However, all these products need regular updating – and, ideally, you should check the vendor’s website for updates, on a daily basis.

To discuss the ways in which we could enhance the Resilience and Security of your organisation, simply ring +44 (0) 118 976 7544.
Meanwhile, have a look at Advice

 

