Evolve North can deliver audits, reviews and gap analyses against a variety of data protection and cyber security standards, including, but not limited to:
- ISO/IEC 27001:2022.
- ISO/IEC 27002:2022.
- PCI DSS (Payment Card Industry Data Security Standard).
- NIST (National Institute of Standards and Technology) frameworks.
- NIS (Network and Information Systems Regulations 2018).
- Cyber Essentials.
- IASME Cyber Assurance.
- DSP Toolkit (NHS Data Security and Protection Toolkit).
- PECR (Privacy and Electronic Communications Regulations).
- ePrivacy Regulation.
- Cyber Insurance due diligence response.
Additionally, we can deliver reviews against more ‘principle-based’ regulation, including the UK GDPR and the Data Protection Act 2018, to help an organisation confirm that it is meeting the intent of that regulation. This approach is tailored to the organisation’s sector and to the risks within it, and delivers a proportionate route to achieving compliance and protecting data subjects. We utilise a multi-skilled team that includes ISO 27001/27002 Lead Auditors, PCI DSS Professionals, Certified Information Systems Auditors, Cyber Essentials Authorities and GDPR Practitioners.
Our approach to every variant of this type of review is a ‘hands-on’, practical, interview- and evidence-based exercise. The method is designed to establish the existing approaches, both formal and informal, within an organisation. The output is a risk-based remediation task list that allows the organisation to address its risks in a structured manner. The remediation output includes advice and guidance and, where possible, supporting resources such as policy and procedure templates and other supporting documents, which may include records of processing activities and risk registers.
Our objective is to provide a clear path for an organisation to follow. UK data protection law, enforced by the ICO (Information Commissioner’s Office), requires organisations to identify and manage data protection and cyber security risks, and these reviews deliver on that requirement for most organisations.