Are you ready?

GDPR Compliance Gap Analysis identifies what your business is currently doing to protect Personal Identifiable Information (PII) and Sensitive Personally Identifiable Information (SPII). We compare that to what it must do to be achieve compliance to the GDPR.

What will we do?

• Conduct on-site analysis of your controls compared to those required for compliance to the GDPR.
• Interview your compliance stakeholders and confirm the evidence produced is suitable against that required by the GDPR.
• Perform a vulnerability assessment of the external IPs associated with your network.
• Create a detailed report highlighting the gap between your existing operations and controls and those that are required for compliance to the GDPR.
• Create a list of activities, in order of priority, that your business needs to undertake to gain compliance.

What will you receive?

• Our comprehensive gap analysis against the GDPR.
• The report listing your current compliance status.
• An initial Project Plan, detailing the specific actions required for compliance.
• Identify the order of significance, allocated budget, resource and completion dates.
• Telephone support from an information security compliance consultant.

GDPR Information Security Policies provide the security baseline for protecting Personal Identifiable Information (PII) and Sensitive Personally Identifiable Information (SPII). Whether processed, stored or transmitted by your business.

What will we do?

• Create a baseline GDPR information security policy for you to brand and implement.
• Provide additional templates of recommended “control-level” procedures required for implementing the policies.
• Conduct a workshop for stakeholders to ensure their understanding of the policies for implementation.
• Telephone support from an information security policy specialist to answer any questions you may have.

What you will receive?

• Customised GDPR Information Security Policies and recommended procedures.
• A certificate of validation for compliance.
• A half-day workshop for stakeholder understanding.
• On-going advice and assistance regarding policy questions.

GDPR Subject Access Request Form is the template for a written, signed request from an individual to see information held about them. The Data Controller must provide all such information in a readable form within one month of receipt of the request and must not charge a fee for this request.

What will you receive?

• A template Subject Access Request Form with your branding.

Network (External) Security Vulnerability Assessment Scanning is required to identify security vulnerabilities associated with the external-facing IPs of your network. Automated scanning technology is used to identify known vulnerabilities, such as configuration flaws, security patches and updates.

What will we do?

• Provide security vulnerability scans each quarter of the external-facing IP addresses of your network for one year.

 What will you receive?

• Following each scan you will receive a detailed report of the findings, documenting any vulnerability identified and recommendations for mitigating that vulnerability.
• Telephone support from an information security consultant following each scan.
• Rescan two weeks after the original scan to ensure recommended remedial actions were effective.
• A certificate of validation of compliance.

GDPR Network Security Penetration Test is used for evaluating the security integrity of a network that processes, stores or transmits Personal Identifiable Information (PII) and Sensitive Personally Identifiable Information (SPII) by simulating an attack.

What will we do?

• Carry out one security penetration test of your network. 

What will you receive?

• Detailed report of the findings listing any vulnerabilities identified with recommendations for mitigation.
• Telephone support from an information security consultant to answer any questions you may have about the report or remediation.
• Retest two weeks following the original scan to ensure recommended actions were effective.
• A certificate of validation of compliance.

GDPR Website Security Penetration Test is to evaluate the security integrity of a website that processes, stores or transmits Personal Identifiable Information (PII) and Sensitive Personally Identifiable Information (SPII) by simulating an attack.

What will we do?

• Conduct an application-level security penetration test of your website.

 What will I receive?                  

• Detailed report of the findings , including any vulnerabilities identified and recommendations in order to mitigate.
• Telephone support from an information security consultant to answer any questions you may have about the report.
• Retest two weeks following the initial scan to ensure actions were effective.
• A certificate of validation of compliance.

GDPR Security Awareness Training is the process to ensure that your employees understand the risks to the PII or SPII your business processes and best practices to ensure that the security of this is sensitive data. Training is provided through an internet portal and explains in simple language the requirement for protecting this information, current hacking techniques used to get access to this data and best security practice for keeping it secure.

What will we do?

• Deliver an easy to use, on-line (30 minute) General Data Protection Regulation (GDPR) Information Security Awareness Training Course for your employee’s to learn best GDPR security practice.

What will you receive?

• Effective course content with consistent, simple and meaningful messages useful outside of the workplace and so more readily accepted by both non-technical and technical employees alike.
• Company & employee information security training validation certificates for award and evidence of compliance.
• Monthly information security awareness bulletins to be included in your businesses newsletters, intranet publications, or blogs.