Security governance is the process of establishing and maintaining a framework to provide assurance that information security strategies are aligned with and support business objectives, are consistent with applicable laws and regulations through adherence to policies and internal controls, and provide assignment of responsibility, all in an effort to manage risk.

An Information Security Management System (ISMS) is a set of policies and procedures for systematically managing an organization's sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by proactively limiting the impact of a security breach. Certigo can assist in setting up an ISMS for your organization if you don’t already have one. If you already have an ISMS, Certigo can provide an independent review of your security framework to ensure it is aligned with your organization’s strategic aims and its operational risk management practices. A well-structured ISMS often delivers the following outcomes:

  • Clear accountabilities for the management of infosec risk

  • Risk decisions made in a structured and consistent manner

  • Security baked into the project lifecycle

  • A common understanding of the threats facing the organization


A security policy, or a set of security policies, is the documentation that describes the security controls that govern an organization's systems, behaviour, and activities. It is crucial to develop a suite of security policies before implementing any security solutions. Using structured interviews and documentation reviews, Certigo can assist you in developing a security policy suitable to your organization, measured against industry benchmarks and reference frameworks.

Certigo also offers a Virtual CISO service for organizations that do not have a senior information security practitioner in-house. Our experienced security professionals can be seconded to your business to provide guidance on improving your organization's IT security posture.