Securing Your Business’ Information

Zygma Inc. is an independent consultancy, now in it’s

31st year of independent operations. We offer information security and identity management consulting and audit services across a wide range of business and technical fields.

The name ‘Zygma’ and our logo are a play on the name of the Greek character ‘Σ‘ (Sigma), which is used as a mathematical symbol to indicate ‘the sum of’.

Zygma operates under an ethos of working alongside you, it’s clients, more with you than simply for you, thereby delivering to you information security which is greater than the sum of our parts.


2020 – Zygma’s CEO, Richard G. Wilsher, was the proud recipient of a Kantara Initiative Exemplary Contribution Award, one of five recipients in that year’s first granting of this recognition.

The Kantara citation reads:
Richard is CEO of Zygma Inc a Kantara Certified Assessor. In 2020 Richard continued to be a regular attendee of IAWG meetings where he always provided insightful comments.  His insights were instrumental in developing feedback to requests for comments on documents from various jurisdictions – the Pan Canadian Trust Framework (PCTF) from the Digital Identification and Authentication Council of Canada (DIACC), NIST SP 800-63 Rev 3 on potential changes that could be included in Rev 4, the European Union eIDAS Regulation, the UK Digital Identity Strategy (DIS) from the UK Government Department for Digital, Culture, Media and Sport (DCMS), the Digital Identity Scotland (DIS) Scottish Attribute Provider Service (SAPS), and the Enterprise Digital Identity Program including Digital Wallet Market Consultation from the Canadian Province of Ontario. Richard was also the key contributor to the development and updating of Kantara IAF documents during 2020 – editor (under a Kantara contract funded by an donation) the IAWG’s Service Assessment Criteria (SAC) for use by Kantara Accredited Assessors to assess that Services are compliant with the requirements of NIST Special Publication 800-63 Rev 3 Federation Assurance at Level 2 and 3 (FAL2 and FAL3), Authentication Assurance at level 3 (AAL3), and Identity Assurance at level 3 (IAL3); co-editor of the update to the IAF Glossary and Overview; editor in the ARB effort that revised the IAF Service Assessment Handbook, and the editor of the IAF documents which are under the ARB’s control. Richard also contributed to Kantara’s comments on ISO standards drafts“.

2013 – Richard was recognized by CS1, the USA’s national body participating in ISO JTC 1/SC 27, from which he received an INCITS Technical Excellence award.


Zygma has provided its services in over twenty countries, to governments, commercial organisations in many sectors, standards bodies, technical specialists and forensic IT specialists.

We cover a wide range of information security topics and have the right understanding and contacts to effectively undertake assignments in our specialist domain.

We address the management, policy, procedural and technical areas of information security, and when necessary work with an international network of partners and associates with whom we can build a team with the requisite competences to fulfil our clients’ requirements.

We work with our clients, not just for them, making sure we understand the client’s context and real needs, rather than ‘drop-forging’ their problem into our solution.

We list below the principal areas in which we are active, but if what you want doesn’t appear here, get in touch with us and we’ll be pleased to respond in terms of your specific requirements.

Lodging a complaint
In the event that you have any reason to express dissatisfaction with anything you find on this web site or with the provision of any of Zygma’s services (either before, during or after their provision) please raise the matter directly with Zygma by sending an email to or to any valid Zygma contact email you have. By raising the matter directly with Zygma any problems or misunderstandings can be quickly and effectively resolved.

Zygma - Securing Your Business' Information

An ISMS is built around the requirements of the de facto IT security standard ISO/IEC 27001 “Information security management systems – Requirements”, supported by the Code of practice given in ISO/IEC 27002.

Zygma specializes in the provision of ISMS-related services.

An IT Service Management System is built around the requirements of the standard ISO/IEC 20000-1 “Information security management systems – Requirements”, supported by the guidance given in ISO/IEC 20000-2.

By this term we mean organizational frameworks within which electronic services operate according to defined (usually openly-published) regulations and/or performance and operational criteria, and thereby are trusted by others within the scope of the framework.

Zygma has a well-proven track record in setting up assurance frameworks and understands how to design the processes and procedures necessary to make them operationally effective, not just technically well-specified. This includes aligning such frameworks to International Standards, such as ISO/IEC 17021 and 17065.

We have extensive experience in the development of standards, and can assist standards bodies and other agencies and organizations wanting to develop standards documents.

Zygma can provide an independent perspective on plans, specifications, security systems etc. We can do this by applying formal auditing techniques against a specific standard or audit plan – our specialisms in this regard are in the context of ISO/IEC 20000-1 and 27001, and identity and credential management systems (ICAMs).

We can fulfill needs not readily categorized in the specific areas discussed above.

We’re sure that if you have needs in the information security area we can respond to them. And if we can’t, we’ll tell you straight and help you find someone who can.

Kantara Support

Zygma has unique understanding of the Kantara Initiative’s Identity Assurance Framework (IAF) – Zygma’s CEO, Richard Wilsher, was the principal architect of the IAF and principal author of the Service Assessment Criteria, the Assessor Qualifications and Requirements, and the IAF’s processes.  Our understanding of the IAF is unsurpassed.  Add our auditing capabilities and we are able to offer the complete range of services described here.

Zygma’s Kantara Support Services are offered at Assurance Levels 1, 2 and 3.