Data Protection Officer as a Service

So you have a Subject Access Request - what do you do?
You think you have been hacked - what next?
Access to a Data Protection Expert when you need it.

What's included

  • Registration and renewals with the Information Commissioner
  • Advice and support on GDPR related issues
  • Annual audit of compliance
  • Single point of contact for Data Subjects and the Information Commissioner
  • Subject Access Request Advice (management of SAR subject to time and materials cost)
  • Data Breach Advice (management of Data Breach subject to time and materials cost)

Cyber Incident Response Management

When you have a cyber incident, the speed with which you respond and remediate the threat will make a significant difference in controlling risk, costs and exposure.

What's included?

  1. Cyber Incident Management – Reducing the impact of an incident through efficient, coordinated, and structured management including activity prioritisation, work stream design, resolver team management, and senior stakeholder liaison and communication.
  2. Network Forensics – Analysis of network traffic to detect, understand, and analyse anomalous activity for indicators of compromise and active adversaries.
  3. Endpoint Forensics – Examination of endpoints to collect, preserve, and analyse information or evidence gathered from applications, memory, and files.
  4. Malware Analysis – Analysis of executables, scripts, or known malicious software to understand their purpose and identify malicious activity through dynamic and static reverse engineering.
  5. Log File Analysis – Investigation of logs from existing sources to detect anomalous activity and identify indicators of compromise.

Cyber Health Check

Our Cyber Health Check combines on-site consultancy and audit with remote vulnerability assessments.
We will identify your actual cyber risks and audit the effectiveness of your responses, creating a prioritised plan for managing those risks in line with business objectives.

  1. What a cyber health check does – A cyber health check will provide you with an incisive and detailed report describing your current cyber risk status and critical exposures, and will draw on best practice – such as ISO 27001, 10 Steps to Cyber Security, CIS 20 Critical Controls, NCSC guidance and Cyber Essentials – to provide recommendations for reducing your cyber and compliance risk.
  2. Why do you need a cyber health check? – A cyber health check is essential in establishing a solid foundation on which to build your security infrastructure. A cyber health check will help you identify your weakest security areas and recommend appropriate measures to mitigate your risks. It includes vulnerability scans of critical external infrastructure IPs and websites/URLs.

    A cyber health check helps establish a secure infrastructure, which is a requirement of regulatory initiatives and compliance standards such as ISO 27001, the General Data Protection Regulation (GDPR), Cyber Essentials and others.
  3. The NIS Directive – The EU Directive on security of network and information systems (NIS Directive) requires operators of essential services (OES) and digital service providers (DSPs) to implement appropriate security measures to protect services that are essential to the national infrastructure, with a view to ensuring continuity of those services.

    The NIS Directive is aimed at bolstering cyber security across sectors that rely heavily on information and communications technology. Certain businesses operating in critical sectors are known as OES. The sectors affected by the NIS Directive are: Energy; Transport; Health; Water; and Digital infrastructure.

    Due to the sensitive nature of these sectors, you will often find that the first requirement towards compliance with the NIS Directive is a Cyber Health Check.

Cyber Essentials Certification

Cyber Essentials is an official UK-wide, government-backed certification that helps companies guard against the most common cyber threats and reduce their risk by at least 80%. It also allows you to demonstrate your commitment to cyber security to prospective customers.

Gaining Cyber Essentials certification enables organisations to showcase their credentials as trustworthy and secure when it comes to cyber security.
The certification defines a focused set of controls which provide clear guidance on basic cyber security for organisations of all sizes, and offers a sound foundation of cyber security measures that all types of organisations can implement at a low cost.
Cyber Essentials is the minimum certification an organisation needs to implement in order to bid for new public sector contracts which include the transfer of public sector identifiable information.

  • Increased customer confidence. Displaying the Cyber Essentials certification on your website and correspondence will significantly improve your standing with potential clients, allowing them to buy from you with confidence.
  • Reduced time to compliance. EUGDPR.ORG.UK are well versed in the requirements for this accreditation. Our certification service will walk you through what is necessary and reduce the time it would normally take to become compliant.
  • The first step on a journey to advanced information security. Customers value the confidence that information protection certifications provide. More advanced certifications bring improvements in overall productivity and efficiency as well. Once you have gained your Cyber Essentials certification, you may want to consider Cyber Essentials Plus. This will set you apart from the crowd as an organisation that is serious about information security.

Cyber Essentials Plus Certification

Cyber Essentials Plus is the highest level of certification offered under the Cyber Essentials scheme, an official UK-wide, government-backed certification that helps companies guard against the most common cyber threats and reduce their risk by at least 80%.

Cyber Essentials Plus is a more rigorous test of your organisation's cyber security systems, in which our cyber security experts carry out vulnerability tests to make sure that your organisation is protected against basic hacking and phishing attacks.

Being Cyber Essentials certified is mandatory for all organisations bidding for central government and MOD contracts that involve the handling of personal information or the provision of certain ICT products and services. Therefore, if you're looking to bid for these contracts, you must hold Cyber Essentials certification.

  • Stand out from the crowd.
  • Open more doors to new business. Companies like to know you are treating their data seriously. Cyber Essentials Plus
  • Your second step on the journey to advanced information security.

ISO/IEC 27000 Family

ISO/IEC 27001 is the most widely known of the standards, providing requirements for an information security management system (ISMS), though there are more than a dozen standards in the ISO/IEC 27000 family. Using them enables organisations of any kind to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties.

ISO/IEC 27000:2018 provides the overview of information security management systems (ISMS), together with the terms and definitions commonly used in the ISMS family of standards. It is the overview of the family and is applicable to all types and sizes of organisation (e.g. commercial enterprises, government agencies, not-for-profit organisations).

ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organisation. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organisation. The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organisations, regardless of type, size or nature.

ISO/IEC 27002:2013 gives guidelines for organisational information security standards and information security management practices, including the selection, implementation and management of controls, taking into consideration the organisation's information security risk environment(s).
It is designed to be used by organisations that intend to:

  1. select controls within the process of implementing an Information Security Management System based on ISO/IEC 27001;
  2. implement commonly accepted information security controls;
  3. develop their own information security management guidelines.

How EUGDPR can help

EUGDPR are certified ISO 27000 Lead Auditors and Implementers. We can help you navigate the complex elements involved in understanding and implementing the security standards and practices demanded by ISO/IEC 27000. We will assist in the collection of the appropriate documentation, processes and controls to enable you to achieve your accreditation quickly and painlessly.
On an ongoing basis, we can provide you with the internal audit capability needed to retain your accreditation in the long term.
