About InfoSec North

Our Location

Based in Mirfield, West Yorkshire, we’re close to the professional hubs we serve every day as well as transport links for both sides of the Pennines.

Address

Spring Place Court, Mirfield

Hours

9am - 5pm

FAQs

What is a security Framework?

A security framework is a structured set of standards, controls, and best practices used to manage and protect information securely. It provides organisations with a clear way to identify risks, implement appropriate controls, and demonstrate compliance with legal, regulatory, and contractual requirements.

Common security frameworks include ISO 27001, Cyber Essentials, NIST, and the NHS DSPT. Some form part of a wider audit such as SOx, SOC II, and Lexcel. These frameworks help organisations take a consistent, risk-based approach to information security, ensuring sensitive data is protected and that security practices can be measured, audited, and continually improved.

What is the difference between Cyber And Information Security?

Cyber security focuses on the direct protection of systems and networks from technical threats. Information security is broader and includes people, processes, data, governance, and compliance. It ensures sensitive information is protected wherever it exists and that controls are appropriate, documented, and auditable. Cyber Security is just one part of an effective Information Security programme.

Which security framework is right for our organisation?

That depends on your size, sector, data, and regulatory obligations. Some organisations may need Cyber Essentials, while others require ISO 27001 or sector-specific frameworks. We help you understand what is proportionate and appropriate, avoiding unnecessary effort and expense while ensuring you meet legal, customer, and insurer expectations.

Do we really need information security, or is our IT provider enough?

IT providers focus on keeping systems running, but information security goes wider. It covers governance, risk management, policies, training, supplier assurance, and compliance. Many regulations and standards, including ISO 27001 and Cyber Essentials, require independent oversight and evidence beyond day-to-day IT management. Information security ensures you understand and manage risk, not just technology.

Are services tailored?

Yes, every engagement is customized to fit your firm's specific risks.

What makes InfoSec North different?

We combine multi-domain knowledge with over a decade of practical and operational experience in highly regulated, confidential environments.

Our approach is tailored directly to your needs and our exprience covers both private and public sector. We explain everything in plain English.

How long does it take to become ISO 27001 or Cyber Essentials certified?

Timelines vary depending on your starting point and organisational maturity. Cyber Essentials can often be achieved within weeks, with wise control configurations, while ISO 27001 typically takes several months to two years. We assess your current position, define a clear roadmap, and help you progress at a pace that fits your business while maintaining cost efficiency, and where possible suing what you have rather than implementing sweeping changes.

How much involvement will our team need to provide?

We aim to minimise disruption and handle as much as possible ourselves. Some input is required for interviews, evidence gathering, and decision-making, but we handle the heavy lifting. Our approach is designed to fit around your business, not overwhelm it, and we provide clear guidance throughout.

Can you help prepare us for audits, insurers, or customer/supplier security questionnaires?

Yes. We regularly support organisations with audit preparation, insurer security reviews, and customer assurance questionnaires. We help you present clear, accurate evidence of your controls, explain requirements in plain English, and ensure responses are consistent and defensible.