Services

---

Our secondment services will help you to:

• Resource an interim CISO e.g. whilst recruiting for a permanent role, have no CISO or security leadership role but need immediate advice
• Recover from a security incident and require immediate direction and coordination of activities
• Assist you to implement an effective security governance programme and security operating model
• Establish effective security reporting and briefings to the board/ shareholders

Our consultancy services will help you to:

• Apply a robust framework for information security that provides consistent risk-based protection across the organisation, cloud services and in your supply chain
• Meet your security and privacy regulatory and compliance requirements
• Be agile and exploit new business opportunities – whilst ensuring that associated information risks are managed to acceptable levels
• Respond to rapidly evolving threats
• Update internal security policies, procedures and technical and organisational measures
• Develop the Business Base and assess to you procure and implement security solutions and/or services to support your information security risk framework and roadmap

Our secondment services will help you to:

• Advise on all aspects of data protection and privacy obligations including European Union’s General Data Protection Regulation (GDPR)
• Specify GDPR-related requirements within external supplier agreements 
• Build a ‘privacy-positive’ culture through training and awareness 
• Monitor and review all aspects of compliance with data protection and privacy obligations 
• Be an independent primary point of contact for data protection-related enquiries, liaise with data subjects and the supervisory authority 
• Represent data subjects in matters relating to processing of their personal data 
• Report on data protection risk and compliance to executive management

Our consultancy services will help you to: 

• Perform end-to-end business focused risk assessments of the information used in your critical business processes
• Undertake Data Protection Impact Assessments
• Identify your threat profile to highlight threat actors, threat attributes and threat events that are relevant to your organisation and critical business processes
• Assess existing information risk vulnerabilities
• Develop pragmatic information risk mitigation treatment plans
• Define your risk appetite and your risk posture

Our consultancy services will help you to: 

• Identify your critical information assets based on their value to the business
• Reflect the latest information risk assessment techniques to identify the threat profile of critical assets
• Provide pragmatic protection to critical information assets that reflects their threat profile and importance to the business, whilst using resources as efficiently as possible (by avoiding ‘over protection’)
• Maintain a consistent approach that addresses each stage of the information life cycle, allowing for factors that may change over time (such as the value of an information asset to the business, risk profile, or adequacy of current controls)

Our consultancy services will help you to:

• Apply a standard information risk assurance process for managing information risk with supplier and third-party relationships
• Identify instances of information risk exposure in existing supplier and third-party relationships
• Rank suppliers by the level of information risk identified and prioritise risk mitigation activity
• Identify enhancements to your ongoing vendor management processes to ensure that the information security controls required of every supplier are effective and in proportion to potential information risk exposure
• Implement processes for initial and periodic supplier controls assessments