IT Governance Services
Enhance performance through effective governance & compliance (ISO 20000, COBIT and more)

Information & Cyber Security Services
Securing your information assets in the digital economy

The Leading Accredited IT GRC Firm in Africa
Over 40 IT Best Practice Standards Projects delivered end-to-end for top-tier firms.
Digital Jewels Limited is a leading IT Governance, Risk and Compliance (GRC) Consulting & Capacity Building Firm with deep competencies in Information Security, Information Assurance, Project Management, e-business and Knowledge Capacity Building.
We are certified to the ISO27001:2013 (Information Security Management System) and ISO9001:2015 (Quality Management System) standards, and we are a Qualified Security Assessor for the Payment Card Industry Data Security Standard (PCIDSS QSA) with jurisdiction for the CMEA region, making us the only such professional services firm in Africa to be so accredited.
WHY CHOOSE DIGITAL JEWELS?
Multi-Disciplinary Skills: Our IT GRC Team can leverage the multi-disciplinary skills of the entire DJL organization and offer an all-encompassing service addressing critical issues such as Business-IT Alignment, Benefits Realization, Resource Optimization, Service Management, Information Security, Cyber Security, Business Continuity Management, Crisis Management, Occupational Health and Safety, Enterprise Architecture and Project Management, amongst others.
Contextual Knowledge: Our experience leading your Standards initiatives has equipped us with an understanding of your culture and pain points alongside our in-depth knowledge of IT Governance and best practice standards.

CONSULTING
CONSULTING SERVICES
SECURE
Diagnostics, Audits, Assessments & Reviews
Gap Analysis (ISO27001/PCIDSS)
Risk & Vulnerability Assessments
Penetration Tests
Information Security Audits
Direction Setting, Planning & Governance
Management Systems Design: ISMS
Information Security Strategy, Architecture, Roadmaps & Blueprints
Information Security Processes, Policies, Procedures
IT Governance Frameworks
Project Assurance, Monitoring, Capacity Development
Project Remediation Management (ISMS/PCIDSS)
Project Implementation Assurance
Security Dashboard
Information Security Training, Education & Awareness Building (Instructor-led & e-learning)
Information Security Specialist Resourcing & Recruitment
Certification
ISO27001: Information Security Management System (ISMS)
ISO27032: Lead Cyber Security Management
PCIDSS: Payment Card Industry Data Security Standard
CISSP
ASSURE
Diagnostics, Audits, Assessments & Reviews
Gap Analysis (ISO20000/22301/38500)
Business Impact Analysis
IT Infrastructure Audits
IT Value for Money Audits
IT Process Capability Assessments (using COBIT)
IT Pain Points Assessments (using COBIT)
Information Management Audits
Capability Maturity Assessments
CMMi Appraisals
Direction Setting, Planning & Governance
Management Systems Design: ITSMS/BCMS/
IT Strategy, Architecture, Roadmaps & Blueprints
IT Processes, Policies & Procedures
IT Governance Frameworks
IT Performance Management
Project Implementation Assurance
24 x 7 Infrastructure Monitoring
Project Assurance, Monitoring, Capacity Development
Project Remediation Management (ITSMS/BCMS)
Project Implementation Assurance
Information Technology Training, Education & Awareness Building (Instructor-led & e-learning)
Information Technology Specialist Resourcing & Recruitment
Certification
ISO20000: Information Technology Service Management System (ISMS)
ISO22301: Business Continuity Management System (BCMS)
ISO38500: IT Governance
TOGAF
CGEIT
ITIL: Foundation to Expert
COBIT Foundation, Implementer, Assessor
MANAGE
Diagnostics, Audits, Assessments & Reviews
Gap Assessment (ISO21500)
& Portfolio & Project Management Health Check/Maturity Assessments
Direction Setting, Planning & Governance
IT Processes, Policies & Procedures
Project Governance Frameworks
Project Assurance, Monitoring, Capacity Development
PMO Set-up
Project Remediation Management (ITSMS/BCMS)
Project Implementation Assurance
Project Management Training, Education & Awareness Building (Instructor-led & e-learning)
Project Management Specialist Resourcing & Recruitment
Certification
PRINCE2
PMP
MSP
MOR
ENABLE
Diagnostics, Audits, Assessments & Reviews
Website Audits
E-business Assessments
Direction Setting, Planning & Governance
E-business Strategy, Architecture, Roadmaps & Blueprints
E-business Processes, Policies & Procedures
E-business Governance
Project Implementation Assurance
Project Assurance, Monitoring, Capacity Development
Project Remediation Management
Project Implementation Assurance
E-Business Training, Education & Awareness Building (Instructor-led & e-learning)
E-business Specialist Resourcing & Recruitment
EMPOWER
Diagnostics, Audits, Assessments & Reviews
IT Skills & Competence Assessments
IT Job Evaluation
Training Needs Assessment
Direction Setting, Planning & Governance
IT Career Planning
Performance Management
Project Assurance, Monitoring, Capacity Development
Project Remediation Management
Training, Education & Awareness Building (Instructor-led & e-learning)
Specialist Resourcing & Recruitment
CONSULTING
TECHNICAL CONSULTING
We focus on institutionalizing global best practice standards, frameworks and methodologies to enhance the information value chain
PCI DSS
- Diagnostics: This phase involves project planning and the basic process of PCIDSS scoping, to determine which system components are to be governed by the PCIDSS. A Gap/Readiness Assessment is also carried out to determine the level of compliance of the system components in scope. PCIDSS Awareness Sessions are also incorporated into this phase.
- Design: This involves developing a compliance Blueprint to close the gaps identified during the Diagnostics phase, as well as the development of an Improvement Roadmap for improving enterprise-wide security.
- Implementation/Remediation Management: This involves providing adequate guidance on implementation of controls (documentation, processes, technologies etc). It also involves quality assurance and project managing remediation of gaps.
- Compliance and Certification: This involves performing a compliance and certification audit carried out by our Qualified Security Assessors (QSA) and a passing scan carried out by our Approved Scanning Vendor (ASV) partner. Prior to this a mock compliance audit is carried out to ensure the organization is ready for the certification audit. Post certification, on-going monitoring and compliance are provided as well as periodic vulnerability scans and penetration tests.
Network Security Assessment
Penetration Testing
- Conducting a vulnerability assessment to ascertain the inherent weaknesses within your organization's information system.
- Conducting a penetration test to ascertain and exploit the detected vulnerabilities, using best practice approaches and methodologies.
- Conducting a stress and load test to determine the application's vulnerable performance capability.
- Submission of concise reports on key findings and observations, and a risk-based vulnerability remediation plan with an actionable roadmap and indicative timelines.
ISMS ISO 27001
- Diagnostics: This phase involves project planning, defining the scope of the ISMS and a rigorous Controls Gap Assessment aimed at examining the organization’s compliance with the mandatory clauses and 114 control objectives and controls of the ISO/IEC 27001:2013 standard. A Risk and Vulnerability Assessment of information assets within the scope of the ISMS is also performed.
- Design: An Implementation Blueprint is developed to address the gaps observed, to ensure conformity with the requirements of the standard. A work and priority matrix for the technical security vulnerabilities and risk treatment is also provided, as well as an enterprise-wide improvement roadmap for information security. The Statement of Applicability (SoA) for the applicable controls from the 114 control objectives and controls is also documented and developed in accordance with the standard.
- Implementation/Remediation Management: The actual remediation of the gaps, vulnerabilities and weaknesses observed during the Controls Gap Assessment, Technical Security Assessment and Risk Assessment is performed during this phase, following the guidance of the implementation blueprint from the Design phase. This phase also involves widespread training and awareness sessions, the provision of adequate guidance on the implementation of controls (documentation, processes, technologies etc.), and monitoring and measuring the effectiveness of the controls implemented.
- Compliance and Certification: The Information Security Management System (ISMS) certification audit is typically a two (2) stage audit exercise conducted by an Independent Registered Certification Body. The first stage involves a document review and the second phase is the actual certification audit. Prior to this two-stage audit, we conduct a mock compliance audit to ascertain and guarantee the organization’s readiness for the certification audit. Post certification, on-going monitoring and compliance support is provided to ensure continuous compliance and successful surveillance audits and re-certification.
CONSULTING
REVENUE ASSURANCE
Business Continuity Management
Thinking of adopting the Business Continuity standard (ISO 22301)? Talk to Digital Jewels Limited today. Our experience in sub-Saharan Africa over the years in IT GRC consultancy spans banking, telecommunications, oil and gas servicing and government agencies, establishing our firm as a clear leader in Business Continuity Management Systems design.
Why Business Continuity:
No matter where you work or what security you have in place, there is a potential for “downside risk” [something unexpected to happen]. Every day, somewhere around the world, dangerous things happen:
• Kidnaps
• Insurgence
• Cybercrime
• Power failures
• Security attacks
• Technological failures
• Reputational damage
• Natural and infrastructure disasters
• Failure of key dependencies / third party arrangements
• Mass workforce absenteeism due to pandemics or civil unrest
We may not be able to stop disasters (man-made or natural) from happening, but we can prepare for them. Trend analysis tells us that failure to develop business continuity capabilities will have a devastating effect on organizations in these times.
How We Can Help: Digital Jewels Limited will work with you to prepare for, respond to and recover from a crisis by building a reliable, pragmatic and long lasting business continuity program.
Digital Jewels Key Service Offerings in Business Continuity Management Comprise:
• BCM Training
• BCM Audits/review
• BCMS development
• Business Continuity Planning
• Continuity Testing & Facilitation
• Disaster recovery management development
• Business Continuity Management (BCM) maturity assessment
• Business Continuity certification (ISO22301 Certification assistance)
Where We Can Help:
Whether you are starting afresh, have existing continuity capabilities or already have sophisticated continuity capabilities, we can take you to the next level.
We can help assess existing capabilities and build a pragmatic programme to meet every business continuity programme requirement:
• Cyber Resilience
• Pandemic Planning
• Succession Planning
• Third Party Assurance
• BC Audit & Gap Assessment
• Towards a Resilient Organization
• Crisis Management planning & Communication
• Outage Scenario Planning e.g. vendor, premise, staff
• Building crisis ready Executives / Top Management
• Anti-Kidnap Coping & Prevention Strategic Planning
• ISO 22301 Certification to meet Regulatory Requirements
Our Differentiator:
• Experience and Track Record: We have helped numerous clients get their ISO 22301 certification. Our continuity practice comprises ISO 22301, Disaster Recovery Institute (DRI), British Continuity Institute (BCI) and BS 25999 professionals who have led organizations to develop business continuity capabilities and programs. Kindly explore our industry experience here.
• Partnerships and Strong References: We are a premier partner of the British Standard Institute (BSI) and have served the unique needs of organizations of all sizes and across industries. We invite you to explore our positive client feedback here.
• Proven Solutions: We can meet any length of organizational resilience or business continuity requirement with our strengthened range of service offerings.
• Expert Knowledge and Skills: Our team has a solid understanding of continuity-specific regulations, industry guidelines and trends, and prides itself on the ongoing enhancement of continuity and resilience solutions in line with the changing profile of global risks.
• Multidisciplinary team: Our Business Continuity team leverages the multi-disciplinary skills of the entire organization and offers an all-encompassing service, covering topics like organizational resilience, threat analysis, emergency response, risk intelligence, crisis communication and cyber resilience.
Benefits to your business using our approach: Our approach leads to cost-effective outcomes. We have designed our framework to be flexible, so we can tailor our approach to meet your needs. We will get to know your organization and consider the current business continuity capabilities and business processes before making any recommendations.
1. Effective facilities management:
Facilities are prone to diverse threats, e.g. fire, robbery, insurgent attacks and so on, but with proper business continuity planning under our approach, facilities can be designed for resilience.
2. Effective crisis communication:
You can come out stronger after a crisis hits, but this depends on how you communicate with your stakeholders during a crisis, safeguarding stakeholder confidence. Our proven crisis communication strategy includes communicating the changes to business operation, managing relatives of affected personnel, facility shut-down or updates on service limitations.
3. Health & Safety:
We create systems to mitigate conceivable threats to staff or customers, e.g. environmental hazards, chemical hazards, physical hazards, security threats, medical (disease outbreak) threats, workplace violence etc.
4. A blueprint for survival, resiliency and availability:
We prepare your organization to react quickly and decisively when the inevitable occurs.
5. Disaster Recovery:
Our approach addresses Disaster Recovery, the effective and timely resuscitation of the heart of your enterprise, preparing the most critical IT systems for doomsday.
6. Knowledge Management:
In many organizations, the unavailability of one or more key staff or executives due to illness, resignation, sudden death or other causes would affect the continuity of business operations. We ensure that, through knowledge management, critical information can survive beyond the lifetime of any staff.
7. Education, Awareness & Risk Reduction:
We educate your staff on prevention and coping strategies that help your organization reduce or totally avert the risks to the business.
8. Emergency management:
Our approach ensures that your personnel will have access to BC Plans that ensure they know how to respond to and recover from different outage scenarios, e.g. unavailability of key staff or mass absenteeism, unavailability of site, unavailability of technology etc.
9. Security:
Data systems are prepared to withstand hacking or electronic tampering, as BC strategies can be implemented to address security, integrity and availability issues.
10. Third Party Assurance:
Our approach provides for the continuation of business in the event of a disruption to your supply chain. Resiliency checks would be done to ensure that key vendors have continuity arrangements to adequately support your business.
Information Security Management
IT Service Management (ISO 20000)
Our tested and proven methodology, along with our extensive experience, ensures the effective and timely implementation of an IT Service Management System (ITSMS) and the eventual certification to the ISO/IEC 20000-1:2011 standard. This standard defines a comprehensive and closely related set of 13 service management processes to effectively deliver managed services to meet business and customer requirements. Our consulting methodology follows the Plan-Do-Check-Act (PDCA) integrated process-based approach as adapted from ISO/IEC 20000-1:2011. This approach is targeted at instituting a continuous improvement culture and is interpreted as follows:
- Diagnostics: This phase involves project planning, defining the scope of the ITSMS and a rigorous Gap assessment aimed at examining the organization’s compliance to the mandatory requirements of the ISO/IEC 20000-1:2011 standard.
- Design: An Implementation Blueprint is developed to address the gaps observed during the Diagnostics phase; this is to ensure conformity with the requirements of the standard.
- Implementation/Remediation Management: The actual remediation of the gaps observed during the Gap Assessment is performed during this phase by leveraging on the guidance of the implementation blueprint from the Design Phase. This phase also involves wide-spread training and awareness sessions as well as the provision of adequate guidance on the implementation of the requirements (documentation, processes etc).
- Compliance and Certification: The Information Technology Service Management System (ITSMS) certification audit is typically a two (2) stage audit exercise conducted by an Independent Registered Certification Body. The objective of Stage 1 Audit is to assess the readiness of the Service management system for the second phase (stage 2 Audit) which is the actual certification audit. Prior to this two-stage audit, we conduct a mock compliance audit to ascertain and guarantee the organization’s readiness for the certification audit. Post certification, on-going monitoring and compliance support is provided to ensure continuous compliance and successful surveillance audits and re-certification.
IT Governance using COBIT 5 Framework
Information Technology has become pervasive and plays an increasingly significant role in organizations. Our approach towards the assessment of organizations’ IT Process capabilities and their subsequent improvement assists organizations in achieving their objectives for the governance and management of IT. This approach ensures that IT can continually provide benefit to the organization by optimizing resources and minimizing risk, thereby ensuring the strategic objective of value creation. We are effectively equipped to implement IT Governance using COBIT with our team of Certified Assessors and Implementers and our substantial track record in this area. Our four (4) phased approach, which is based on COBIT 5, includes:
• Diagnostics: This phase involves project planning, using an assessment scoping methodology to define the scope of the assessment based on identifying relevant business drivers for IT, and the conduct of a rigorous assessment of organizations’ IT Process capabilities based on the COBIT 5 Process Assessment Model (PAM) and ISO/IEC 33002:2015, Information Technology—Process assessment. The targeted capability level for each IT Process is also defined and compared with the current capability level for each IT Process.
• Design: This involves the development of an IT Process Improvement Blueprint and Roadmap based on the IT Process Assessment results which illustrate the as-is status of the selected IT Processes. Actionable improvement practices and activities for the Governance and Management of each of the selected IT Processes are recommended where deficiencies or gaps may exist between the current and targeted capability levels.
• Implementation: This involves providing detailed guidance and project management support for establishing feasible and practical solutions for the implementation of the recommendations specified in the IT Process Improvement Blueprint and Roadmap. The improvement practices and activities for the selected IT Processes are prioritized into immediate tactical, medium-term strategic and long-term game-changing for implementation. This phase also involves communication and awareness and project monitoring systems to ensure that recommendations are implemented.
• Compliance and Assessment: This phase involves the review of the overall success of the IT Process improvement initiative based on the transition of the implemented management and governance practices and activities into normal business operations. Performance metrics are used to monitor the achievement of IT Process improvements and provide details of continuous improvement actions by focusing on the targeted capability level of each of the IT Processes as against the performance of the implemented practices and activities.
Our firm’s multidisciplinary consulting team is grounded in years of hands-on experience and our industry-leading Best Practices focus. With our guidance, companies have been able to maximize their business transformation value – from strategy to execution. We’ll bring lessons learned from those engagements to your unique initiative. Armed with insight from our client experiences, our consultants have the know-how to quickly assess your current performance and the expertise to accelerate your journey to operational excellence.
Occupational Health and Safety
Thinking of adopting the Occupational Health and Safety Assessment Series standard (OHSAS 18001)? Talk to Digital Jewels Limited today. Our experience in sub-Saharan Africa over the years in Health and safety consultancy spans banking, telecommunications, oil and gas servicing and government agencies, establishing our firm as a clear leader in Occupational Health and Safety Assessment Series systems design.
Why OHSAS 18001:
OHSAS 18001 is the right choice when it comes to identifying and managing occupational health and safety risks and hazards. It provides guidance to help you design your own health and safety framework, allowing you to bring all relevant controls and processes into one management system. Occupational health and safety management paves the way for safer working conditions and improved performance in your organization. It provides guidelines on how to identify hazards and put in place the correct controls to manage them, which can help you to:
• reduce workplace accidents, cutting related costs and downtime.
• enhance accident investigation.
• establish a positive health and safety culture.
• give your company preferred supplier status.
• reduce your insurance premiums and meet insurance requirements.
• protect your brand and image.
• provide a framework to ensure compliance with legislation is continually reviewed.
How We Can Help: Digital Jewels Limited will work with you to prepare for, respond to and recover from health-threatening situations by building a reliable, pragmatic and long lasting Occupational health and safety management program.
Digital Jewels Key Health and Safety Service Offerings Comprise:
• OHSAS Training
• OHSAS Audits/review
• OHSAS Testing & Facilitation
• Disaster recovery management development
• Occupational health and safety assessment
• Occupational health and safety certification (OHSAS Certification assistance)
Our Differentiator:
• Experience and Track Record: We have helped numerous clients get their OHSAS 18001 certification. We also integrate this management system into existing management systems (ISO 22301 and OHSAS Implementation). Our Health and Safety practice comprises seasoned OHSAS 18001 Lead Auditors and Implementers.
• Proven Solutions: We can meet any length of organizational resilience or OHSAS 18001 requirement with our strengthened range of service offerings.
• Expert Knowledge and Skills: Our team has a solid understanding of OHSAS 18001 specific regulations, industry guidelines and trends, and prides itself on the ongoing enhancement of continuity and resilience solutions in line with the changing profile of global risks.
• Multidisciplinary team: Our OHSAS 18001 Implementation team leverages the multi-disciplinary skills of the entire organization and offers an all-encompassing service, covering topics like organizational resilience, threat analysis, emergency response, risk intelligence, crisis communication and cyber resilience.
Project Management Consulting
Managing projects without a proper structure or framework can be likened to embarking on a journey without a map. You might have a clear idea about your chosen destination, but how are you going to get there? What should you take with you? What will happen if you encounter problems or threats along the way? These are the questions that a structured project management practice answers proactively, even before they are asked on the projects.
Do your projects overrun the agreed timelines? Are your planned project costs always exceeded? Do you find out at the end of every project that the initial planned scope is not what is eventually delivered? Do you always have issues around having the necessary governance and assurance on your projects? If you answered yes to any of these questions, then DJL Project Management Consulting will be more than willing to put a smile on your face and bring control to these pain points.
Our services are around:
1. Project Management health check
2. Project Management Office Set up
3. Project Management Support
4. Project Management Maturity Assessment
The approach of our qualified and experienced professionals is to conduct a painstaking gap assessment to identify the key areas that could pose as bottlenecks in the system and design best-fit solutions to the identified gaps, while handholding and coaching our clients in the implementation of the designed solution. We don’t do one-size-fits-all solutions, but solutions that best address identified pain points to ensure delivery of intended value and a better system that promotes effective project management.
E-LEARNING OFFERINGS
We have deep competencies in E-learning Course Conversion, Learning Management System (LMS) Deployment and Administration.
INSTRUCTOR LED TRAINING
UPCOMING TRAINING
ITIL FOUNDATION
28th Aug - 3rd Sept
Independent Research Projects
As part of our capacity development initiatives, we conduct insightful surveys and research to buoy knowledge. Within our stable are:
Facility Rentals

Our Meeting and conference rooms could be used for the following: Business Meetings; Presentations; Interviews; Strategy Sessions; Training; Seminars; Board Meetings.