InfoSec Support Services
Our services are specifically designed to address the unique challenges of smaller organisations that struggle to find the resources, time, budget or people to implement appropriate information security controls, prevent a material breach and prove trust to their customers.
Our aim is simply to deliver real human support in a complex domain that smaller businesses often struggle with.
Data Protection Officer (DPO) Retainer
Ensuring compliance with GDPR can be a complex endeavour which runs the risk of landing your business in some hot water. We take the worry out by offering a simple, affordable DPO retainer service where we place your organisation with an experienced DPO to be your point of contact for questions on how to remain compliant with GDPR. The service starts with 1 day a month, which is proactively used on the mandated responsibilities of a DPO within an organisation handling Personal Data, including:
- Dealing with Data Subject Access Requests (DSARs) from customers and employees
- Maintaining Records of Processing Activities (RoPAs)
- Ensuring Data Protection Impact Assessments (DPIAs) are conducted for high-risk processing activities
- Conducting training and awareness
- Internal auditing of data handling
Information Security Officer as a Service (ISOaaS)
This service is designed to let us take the worry of a material data breach off your plate so you can concentrate on building your business without the expense of a full-time in-house team.
This service starts at 1 day a month, used proactively on what your organisation needs most. Examples of how other customers use this service to support their regulatory requirements:
- Monitoring and reporting monthly on information security throughout the organisation through a key set of bespoke metrics
- Handling security questionnaires from customers, vendors, or partners
- Helping define an appropriate infosec strategy for your business/product/new geographies
- Information security, cyber, and data protection risk management
- Providing a point of contact for any and all security questions
Reach out below to discuss an affordable fractional solution to your security challenges.
GDPR Audit
For businesses looking for a point-in-time evaluation of their data protection and compliance with GDPR, we offer an audit service which will evaluate the technology, people and processes that handle Personal Data and their effectiveness in fulfilling obligations under UK GDPR.
After the engagement you'll be provided with a prioritised list of actionable mitigations and suggestions for any risks identified, with ongoing support on how best to implement them in a pragmatic way that doesn't tie your business up in red tape.
Cyber Security Audit
If you're concerned about where to begin to understand your organisation's security maturity, then our Cyber Security audit package can help. We use the globally recognised NIST CSF to break down the complex, fast-changing world of cyber security into the digestible language of 6 functional areas, helping you to understand:
- Govern - how well do we ensure the obligations placed on the group from external regulatory bodies are effectively managed throughout the organisation?
- Identify - how well do we identify risks, vulnerabilities, threats, and weaknesses?
- Protect - how well do we protect our technology, people and processes from these?
- Detect - do we have the right detections in place to tell us when things have gone wrong?
- Respond - do we respond effectively when they go wrong?
- Recover - how effectively do we get back to a place of effective operation when they do?
Bespoke Cyber Security Training
90% of cyber security breaches start with human error. We take a holistic, risk-informed approach and get to know the ins and outs of your business, so that we deliver effective, relevant, and memorable security awareness training and the changed behaviours meet your compliance needs.
We offer a range of training to suit your needs:
- Security awareness training for new starters
- Finance team social engineering awareness
- Risk Management training for leadership
- OWASP Top Ten for developers
Secure Software Development Lifecycle (SDLC) Audit
For software product businesses, your software development lifecycle is the heartbeat of your operations. As we've seen technology abstract away from infra into software, we've taken a hit on observability in favour of velocity, particularly in the opaque world of the Software Development Lifecycle. Increasingly we're seeing attackers exploit the SDLC to breach an organisation and its products. Legislators and customers of software are increasingly looking to the software provider for assurances on their good practice.
This service is designed to give businesses an objective view into the security maturity of their software development lifecycle, with clear, prioritised, actionable remediations for any risks identified, using the globally recognised OWASP Application Security Verification Standard (ASVS) to give you the assurance needed to provide to stakeholders and customers.
Looking for something else?
Book in a free chat to see how we can help solve your information security challenges