Service

Introduction

This service is being provided to small and medium-sized enterprises (SMEs) to enable them to meet the required obligations for data security as required under the Payment Card Industry Data Security Standards (PCI DSS), Data Privacy Act (DPA) and EU GDPR compliance – delivering Compliance as a Service (CaaS). This means that SMEs can fulfil these obligations without pulling in their own compliance and IT security resources.

Service Description

Experienced and qualified security compliance professionals will be available to provide offsite remote data security and regulatory compliance consulting services for a monthly fee. Onsite services can be provided at a discounted rate if the monthly CaaS is taken up.

Security Risk Scoping Service

A one-time cost, offsite service to understand the security exposure scope of your organisation and its affiliated companies. This service covers the following areas, on the prerequisite that the necessary documentation for each area is made available:

  • Review the scope of the environment
    – Data ingress points
    – Data outbound points
    – Data Processors
  • Review of the high-level topology of the environment and mapped data flows to identify:
    – Applications and systems used
    – Compliance governance structure – defined roles and responsibilities
  • Review the data security policies, processes and procedures
  • Review the customer rights obligations in place
  • Review suppliers and processors that are in scope
  • Advise and report on the gaps found and the remediation steps required to meet data security compliance and regulations

Ongoing monthly CaaS

Availability to contact our dedicated team of compliance and security consultants directly via:

  • Telephone*
  • Email*
  • CaaS-dedicated live chat portal*

*Typically on a Monday-Friday, 9am-5pm (UK) basis (24/7 service available)

Through our CaaS, our dedicated compliance and security consultants are available to advise on:

  • Any compliance issues – ISO 27001, Cyber Essentials, PCI, GDPR and DPA
  • Data security issues within technical security project implementation
  • Supplier engagement relating to your compliance and security obligations
  • Data security compliance impact analysis on any business changes
  • Engagement with new third parties
  • Data Protection Impact Assessment (DPIA) risk analysis
  • Delivery of DPO service and obligations under DPA and EU GDPR
  • Act on your behalf as your DPO interface to the Government’s Information Commissioner’s Office (ICO)
  • Provide a one-day security awareness training session (maximum 10 delegates)