Practical Solutions for ISO 27001:2013 Security and ISO 22301:2012 Business Continuity.

About ParkinsonHowe.

ParkinsonHowe has long been a pioneer in the areas of ISO 27001:2013 information security risk assessment, ISO 22301:2012 business continuity management and cybersecurity. Our mission is to be the leader in managing information security risk, improving business continuity, enhancing quality and optimising results. The purpose of ParkinsonHowe is to:

  • Develop, validate, review and maintain a client's compliance and certification;
  • Assist and quality assure clients that use ParkinsonHowe methodologies;
  • Assist in assessments of clients' Internal Operational Agreements and 3rd party Service Level Agreements.

We pledge to monitor our performance to our clients as an ongoing activity and to strive for continual improvement.

ParkinsonHowe is an independent information security and business continuity consultancy established in 1989, with limited status in 1998. We work together with clients and their partners at all levels within the financial, retail, telecommunication and education sectors nationally and internationally.

Our approach to assignments is based on best practice in business continuity and information security, and more recently on ISO 27001:2013 and ISO 22301:2012. Adopting this approach has allowed organisations to implement good practice in all areas and to demonstrate their commitment to delivering their services and managing any incident or situation that might disrupt those services.

The project team is experienced, with substantial knowledge and expertise in delivering business continuity and information security solutions throughout the world effectively and efficiently. Recent projects have been in the United States, Indonesia, Bahrain, India, Mexico and Germany.

Effectiveness of Management Systems.

Over the past few months, we have been attempting to understand better how to measure the effectiveness of management systems. We previously published one way that tied into the objectives of the business. Another way to look at effectiveness is to tie it into the overall mission statement of the organisation, and therefore measure against that.

Below you will see an effectiveness chart based on a company's current ISO 22301:2012 audit and previous consolidated audits.


You can make effectiveness measurements as complicated as you require; they can be based on each process or on performance factors. Whichever is chosen, it has to meet the organisation’s requirements.


ParkinsonHowe consultancy services

How long does it take to build an ISMS or BCMS?

To develop an ISO 27001:2013 ISMS or an ISO 22301:2012 BCMS, the documentation can take from one month to several months. One of the critical factors is the business agreeing on the control and sign-off of the management system. With this in mind we try to assist and alleviate as much of the worry as possible, by utilising previous work on an ISMS and BCMS from other companies. Any work carried out on the management system is usually prepared using your existing policies and procedures; however, because we have developed many management systems, we can call upon our existing templates. This significantly speeds up the consultancy process and allows a company to gain further assurance. The end-costs of our consultancy frequently prove to be a nice surprise, due in some part to ParkinsonHowe coordinating with you, but working independently of day-to-day business decisions. Our hourly rates are competitive in the market and we guarantee transparency. The end-costs of our ISO 27001 and ISO 22301 services frequently turn out to be a nice surprise.

ParkinsonHowe auditing services

GAP Analysis and Internal Audits

Performing a Gap Analysis provides a practical way forward when starting your project for implementing a Management System Scheme such as ISO 27001 or ISO 22301. Using a pragmatic business-focused approach we can compare your current systems and processes against recognised best practice as a first step to achieving certification. Analysis is based on interviews with key members of your organisation to establish your current position in relation to that required by the relevant scheme. We deliver a report which identifies where your organisation meets requirements and where there are gaps. The report includes recommendations on resources and actions needed to fill these gaps as well as the timescales necessary to achieve certification. We will then help prepare a comprehensive project plan covering the subsequent stages of the implementation programme. This will include details of project actions, ownership and timescales.

ISO 27001 and ISO 22301 Training services

Training courses for ISO 27001:2013 and ISO 22301:2012

Our aim is to offer practical, cost-effective training to organisations and individuals. Our training courses allow delegates to expand their IT, business and management skills. Case studies provide valuable insight and opportunity for individual assistance from our experienced trainers. Delegates can expect a carefully designed training experience with a balanced mix of presentations, exercises and group discussions. In this way the courses will provide lasting benefits to both the delegate and their organisation.

BS 11000 services

BS 11000 allows you to collaborate successfully. It outlines different approaches to collaborative working that have proven to be successful in businesses of all sizes and sectors. BS 11000 shows you how to eliminate the known pitfalls of poor communication by defining roles and responsibilities, and creating partnerships that do nothing but add value to your business.

Bespoke Audit services

The structure of an audit is usually built around the clauses of the standard being audited. Our consultants and auditors use their qualifications, knowledge and experience to select a series of audit trails from the information presented to them, to give an informed independent perspective on how the system or service is working.

Bespoke Audit Protocols - Bespoke audit protocols take the idea of scored audits to a new level, by building on the recognised audit standards through the addition of client expectations, policies and processes into the scored audit question set.

Scored Audits - A scored audit adds to this through the use of graphical displays, which have a significant impact for internal communication and gain management attention more quickly. Improvement (or decline) over time can also be measured and demonstrated through the use of absolute scores, percentage scores, and 'levels' of achievement linked to client defined 'thresholds'.

Supply Chain Audit services

A supply chain security and business continuity audit proves your commitment to controlling security and continuity risks to the benefit of you and your customers. Supply chain security and continuity audits look at data and access security as well as the resilience of your supply chain.


Client - ELFS

ELFS Shared Services was established on the 1st April 2002 and is now in its eleventh year of operation providing business shared services to 17 NHS client organisations from its offices located at Viscount House just off the M65 at Junction 4, Blackburn with Darwen Services.

ISO 22301 Consultancy - ParkinsonHowe's engagement is to assist in and maintain the ELFS business continuity management system under ISO 22301 certification.

Client - DNVGL

DNV Business Assurance is a world leading certification body. They work with their customers to assure the performance of their products, processes and organisations through certification, assessment and training services. ParkinsonHowe has undertaken key support engagements for DNV-GL since 2004 including:

- ISO 27001 - Information Security audits and training;
- ISO 22301 - Business Continuity audits and training;
- ISO 15489 - Information and documentation - Records management;
- ISO 9001 - Quality management systems audits;
- BS 11000 - Collaborative business relationship audits

A list of client assignments is not included on this website.

Client - RCGP

The RCGP is the voice in support of doctors in general practice and the improvement of patient care. They represent the views of GPs on key Government and Departments of Health committees / working groups, medical royal colleges and many other primary care organisations. ParkinsonHowe has undertaken a number of key support engagements for RCGP since 2004 including:

ISO27001 Security Consultancy - We have worked with RCGP as their information security advisors, to develop a management system that has allowed RCGP to gain ISO27001 certification for the ReValidation and E-Portfolio services.

Risk Management Framework - RCGP required an operational risk framework to be implemented, and turned to ParkinsonHowe for assistance.

Business Continuity plans - When the time came to develop executive management business continuity plans, ParkinsonHowe assisted in creating and exercising the plans with RCGP.

Client - Celerity-IS

Celerity-IS is a UK based data services company, supporting and facilitating business and marketing needs, from quality Database Development to top level Systems Integration. The company's headquarters are in Dartford. ParkinsonHowe has undertaken varied assignments for Celerity-IS since 2007 including:

ISO27001 Security Audit - ParkinsonHowe was engaged to carry out a wide-reaching information security audit of the company to ascertain their appetite for ISO27001 and CCC 55 standard.

Internal Audit - In a separate assignment, we have been engaged to conduct ongoing ISO27001 information security audits and provide assistance in maintaining Celerity-IS certification.

Business Continuity - We supported Celerity-IS in their development of business continuity plans that address both the organisation's requirements and the services being provided to clients. Exercises have been conducted to highlight the risks and issues faced during a recovery.

Client - Nexxlinx

ParkinsonHowe have been contracted by Nexxlinx to develop a framework for certification to ISO 27001:2013 and ISO 22301:2012.

ParkinsonHowe will assist NexxLinx to develop a progressive information security and business continuity management system consistent with industry best practice.

Client - DAS

DAS has become firmly established as the clear leader within the legal expenses insurance market. DAS are proud of the fact that they provide access to justice for millions of people and, as a result, have become one of the leading non-life insurers. ParkinsonHowe has undertaken varied assignments for DAS Legal Services since 2006 including:

ISO27001 Security consultancy and training - ParkinsonHowe was engaged to carry out a wide-reaching information security audit of the company to ascertain their appetite for ISO27001.

Internal Audit - In separate assignments, we have been engaged to conduct ongoing ISO27001 information security audits and provide assistance in maintaining DAS certification.


Manufacturing sector

Security of customer data and business continuity in the supply chain is important in this sector. ParkinsonHowe work with the following:
- Howard Hunt Group
- AEA Technology
- ScottishPower
- Chubb
- Southern Water
- Rockwell Collins
- Sureprint
- Verbis
- Itarus.

Government sector

We have carried out a number of ISO 27001 information security and ISO 22301 business continuity projects and training courses with the following:
- Manchester City Council
- Scottish Qualifications Authority
- General Teaching Council for England
- Connexions
- Learning and Teaching Scotland
- Qualification and Curriculum Authority

Banking sector

We have worked with a number of the leading financial institutions on security and business continuity improvements:
- FandC Asset Management
- Provident Financial
- Metro Bank
- EFG Eurobank
- Sonali Bank.

Retail sector

- SR Communications
- Security Partnerships
- Telco

Petrochemical sector

- BP
- Shell
- Arco and Arco British
- Lasmo
- Texaco
- Total.

Medical sector

- Royal College of General Practitioners
- General Medical Council
- Elfs Shared Services
- NHS Barnsley
- NHS Newham
- NHS City and Hackney
- Bridgewater Hospital
- NHS Bromley.


The fastest way to contact us is by the contact form.


Contact Us

Please feel free to email us with any queries you might have on security or continuity. If you would prefer to speak to someone in person, please dial +44 (0) 161 484 0070


  • 3 Davenport Park Road,
  • Davenport Park,
  • Stockport,
  • SK2 6JU,
  • United Kingdom
