Richard G Wilsher – Founder and CEO
Born in the UK; graduated summa cum laude from Kingston Polytechnic (now Kingston University) with an Honours Degree in Computer Science (1977). Has held the right to the following professional qualifications: Européen Ingénieur, Chartered Fellow of the British Computer Society, Certified Information Technology Professional, Certified in the Governance of Enterprise IT, Certified ISMS Lead Implementor, Certified ISMS Lead Auditor, Certified ISMS Trainer.
Migrated to Southern California in the early 2000s; past voting member of INCITS CS1 (the US national body advising ISO on the development of international information security and other cyber security standards) and, through CS1, the USA’s Technical Lead on ISO/IEC 2700x matters 2006 – 2016; presently an alternate member of INCITS CS1; over three decades’ experience in the information security domain; subject matter expert in information security management, identity management, electronic signatures, assurance frameworks, standardization; papers presented at a variety of workshops and conferences around the globe; honoured with the 2012 INCITS Technical Excellence Award.
ISMS implementation advisor.
Supported a medium-sized business in the United Kingdom to review its ability to implement and achieve Certification of an ISMS, enabling the organization to make informed business decisions on its ISMS planning.
ISMS Internal Auditor.
Retained by a small business in Texas to act as the business’ Internal Auditor, leading to a successful certification audit outcome, and subsequent formal Certification of the organization’s ISMS.
Retained security consultant to a leading Identity Services Provider
Senior Security Consultant to a leading Identity Services Provider, providing input to strategy and direction with an information security and identity management perspective at the CXO level and as a member of the business’ Information Security Governance Forum.
Assessed two major organizations’ internal identity credentialing services, finding each to be conformant to Kantara’s Assurance Level 1 criteria: both services were subsequently granted Kantara Approval.
Two further assessments are under way, at ALs 2 & 3.
Supporting corporations to achieve Kantara Approval
Piloted three major corporations through their preparation for Kantara Assessments, at Assurance Level 3. Assisted with planning and execution of their preparations and through the assessment process to enable them to achieve Kantara Approval.
To date, all but four of the CSPs which have, over time, been granted Approval for one of their services have used either Zygma’s assessment support or audit services.
US ‘IS27001 SME’ Delegate to ISO JTC1 SC27
Ongoing effort to research, author and develop original technical material for inclusion in revisions to ISO/IEC 27001, ’27002 and other 27000-family standards; supporting agreed US positions with regard to revision of these standards at the ISO international meetings, as a Subject-Matter Expert (SME). Past Deputy WG1 Head of Delegation.
Advisor to the Kantara Initiative Identity Assurance Framework
Principal architect of the Identity Assurance Framework (IAF) Service Assessment Criteria.
Defined the Assessor Qualifications & Requirements and established the necessary processes and rules for the IAF’s Assurance Assessment Scheme (AAS), which both accredits assessors and certifies Credential Service Providers. Assigned as a non-executive technical advisor to the Accreditation Review Board and continues as the de facto Editor-in-Chief.
Founder and Chief Executive Officer, Zygma Inc.
Founded Zygma in 1993 in the UK, migrating the business to Southern California in 2003, where it has since become an established part of the identity management and information security and audit scene.
Vendor Risk Management customization
Supported a client with the updating of their risk management SaaS offering to extend its capability to be reflective of revisions to IS27001 and IS27002.
Review of Federal PKI Shared Service Provider compliance practices 2007 – 2008
Reviewed the audit practices applied to Shared Service Providers (SSP) to the Federal PKI, to determine the extent to which their audit findings could be used to satisfy FPKI requirements for SSP compliance. Zygma’s report was presented to GSA managers and representatives of the SSPs involved.
U.S. Federal Public Key Infrastructure Policy and Operational Authorities
Providing support to develop the Federal Bridge CA’s towards being an ISO/IEC 27001-conformant ISMS. This involved reviewing FPKI documents for their suitability for supporting an ISMS, developing plans for the development of the ISMS infrastructure and supporting documentation requirements, and training and advising FPKI staff responsible for operating the ISMS. Additional support was given to policy development and to an ongoing redesign of the
PKI Deployment Review for the Government of Bermuda
Undertook a three-month study of the Bermudian PKI, reviewing its infrastructure and the practices employed in other successful PKIs operated by other national governments, and creating a deployment strategy report for the Government of Bermuda, setting out various options, assessing the interactions between the available options, and making key recommendations for deployment.
Development of tScheme
Took a leading role in defining the overall concepts, approval framework, assessment criteria, accreditation and approval policies, operational procedures and guidelines through until the scheme matured into an operational plc. This activity included working with a large group of UK industry representatives and interests with the perspective of achieving impartial criteria and processes which were capable of being applied to many forms of trust services.