Frequently Asked Questions

I wish to send an email containing sensitive information to Security Management Consultants. How should I send it?

Firstly, do not send us emails containing sensitive information unless we have agreed this, in writing, in advance.  We routinely discard unexpected incoming emails and incoming emails with unexpected attachments.

  1. Do not include sensitive information in the subject or body of the email.
  2. Attach the sensitive information to the email in one of two ways:
    • As encrypted (password-protected) Microsoft Office files, using a strong password/passphrase of 14 or more characters. Do not include sensitive information in the filenames; OR
    • As files within an encrypted ZIP archive. Programs such as 7-Zip and WinZip support encryption. Use a strong password/passphrase of 14 or more characters that includes uppercase letters, lowercase letters, digits, symbols and punctuation marks. Do not include sensitive information in the filename of the ZIP archive or in the filenames within it.
  3. Advise us of the password/passphrase by telephone using the number agreed in advance. If there is no answer, do not leave the password/passphrase in a voicemail message.

Please note that for existing customers we will usually have an agreed passphrase that will remain in force for an agreed period or until it is known, or suspected, to have been compromised.

Does Security Management Consultants perform penetration tests?

No. If a client requires penetration testing to be carried out, we normally suggest using a company that is a member of CREST.

Does Security Management Consultants deliver public training courses?

No. Training is delivered only as part of the change and compliance programmes we run for individual client organisations.

Does Security Management Consultants LTD certify organisations or management systems?

No. We are not a certification body. We help organisations design and implement management systems that are appropriate for their business and comply with the requirements of relevant standards such as ISO 27001. However, we can guide organisations through the process of being formally certified and have successfully assisted many organisations in this way. To find out more about accredited certification bodies in the UK, please visit the UKAS website.

Where can I buy British and International Standards such as BS EN ISO 27001?

In the past we found that it was advantageous to ‘shop around’ to see if resellers of standards offered cheaper prices. Today we don’t see much variation in pricing, so we normally just use the BSI Shop or the ISO Store.

Security Management Consultants LTD is not a reseller of International or British Standards.

Does Security Management Consultants LTD recommend using certification bodies that are not UKAS-accredited?

No. We recommend that our UK clients select UKAS-accredited certification bodies when seeking formal certification to ISO 27001, ISO 14001, ISO 9001 and other internationally recognised management system standards.