IT Business Assurance

Value is always a trade-off between the risks and the benefits, the costs and the needs. IT is there to serve the business as a whole, and it’s important that the business makes it clear what its needs and values are.

The organization needs the assurance that the IT operations are correct and reliable.

About

Who We Are

System Integrity is a group of professionals dedicated to Risk Management and System Governance. We assist organisations to understand, implement and comply with industry best practice standards and frameworks that lead to sustained process and business improvement.

We address the training, awareness and consulting needs of organisations in the following categories:

  • IT Governance, Compliance and Risk Management
  • IT Strategy and Performance Management
  • Information Security Management
  • IT Audit
  • IT Process, IT Project and IT Portfolio Management

Our services are based on internationally accepted, highly transparent business and IT Management practices that cover a range of de facto industry frameworks and standards, including COSO, CObIT, NIST, GAO, BSI, GASSP, ISO–27001, ISO–38500, ISO–31000, OWASP, ISM3, and the Balanced Scorecard. These standards and frameworks are used by organisations worldwide to develop competent and efficient organisations and/or departments.

We aim to achieve for our clients good governance, good practices, effective and efficient processes and infrastructure that reflect the demands of modern business information systems.

The steps and processes by which we reach this goal include:

  • Auditing an enterprise’s compliance with federal and provincial regulations pertaining to IT and IT processes
  • Auditing the IT processes themselves against the commonly accepted principles of good practice and due care that apply in the industry
  • Raising awareness about security and good IT governance at all levels of the organization

What We Do

To understand what we do, you need to understand what we don’t do, since that is what makes us different from most companies.

We don’t lock you in to a vendor or to proprietary hardware or software.

We Don’t Do “Solutions”

As Eric Sevareid said, “The chief cause of problems are solutions”, and as the German playwright Johann Wolfgang von Goethe said, “The solution of every problem is another problem”.

Many companies, even ‘consulting’ companies and accounting firms, make a big deal of selling a “solution” as if it was an end in itself and resulted in some kind of completion.

In reality, any ‘solution’ just uncovers other problems and raises a whole new set of questions. It’s not a completion, it’s just part of an ongoing process.

We think in terms of a continuous improvement cycle, and rather than selling you a ‘solution’, our approach is one that enables you to work on that improvement cycle yourself.

So we don’t do ‘solutions’.

We Don’t Sell Hardware (or software)

All too often, all that new hardware or the latest software upgrade does is let you do what you are already doing, but do it faster. This probably isn’t an improvement when what you need is to do it differently, to do it better.

As Jim Rohn said, “If someone is going down the wrong road, he doesn’t need motivation to speed him up. What he needs is education to turn him around”.

So we focus on delivering change, on understanding and awareness.

We Don’t Use Proprietary Methods or Closed Systems

We don’t use our own special “Secret Sauce” that we’ve spent years developing and which you will have to buy from us to continue after we’re gone.

All our methods and all our documents use “open” published standards. If you need to update any of the pieces of work we supply you with, you will not need to purchase special software or pay licence fees. If you need to distribute the work, for example policies, you will not need to get licences for each employee.

Where possible we prefer to use licence-free standards such as those from NIST, GAO, BSI, GASSP and OWASP over ones that require licence fees such as ISO–27001, ISO–38500, ISO–31000 or even the excellent ISM3. However, you may require a licence to one or more of those for legal, marketing or administrative reasons.

We work with openness, transparency and clarity.

What We Can Do For You

What we do is assist you to make your business run better.

Business runs on IT, but having newer, faster technology doesn’t necessarily mean your business runs better.

What does make an effective business is good processes and good management and good business controls.

So what we do is focus not on the technology, but on the people and the processes.

  • Assisting organizations and people to understand the difference between what they have and what they need
  • Showing them that they can do something to bring about the change
  • Aiding them in the creation of the visions and the means
  • Bringing new perspectives, new alternatives and new insights
  • Building actions that lead out of problems into tangible improvements

It’s not us delivering a solution that we’ve developed and packaged, but instead it’s us showing you what we’ve learnt so that you can continue the process.

It’s not about building a dependency relationship and calling it “consulting”; it’s about Enablement.

Where We Specialise

We don’t try to do everything. There are many things in IT that we’re poor or only so-so at, and many more things that we can do competently but leave to other people who are excellent in those areas.

These are the areas in which we are good, in which we specialise, the areas where we can be of most value to you and your organization.

How We Work