Additionally, we can deliver reviews against more principle-based regulation, including the UK GDPR/Data Protection Act, to help an organisation ensure it is meeting the intent of that regulation. This approach is industry based: it is tailored to the risks within an organisation and delivers a proportionate approach to ensuring compliance and protecting data subjects. We utilise a multi-skilled team that includes ISO 27001/27002 Lead Auditors, PCI DSS Professionals, Certified Information Systems Auditors, Cyber Essentials Authorities and GDPR Practitioners.
Our approach to all variants of this type of review is a hands-on, practical exercise based on interviews and evidence. This method is designed to establish the existing approaches, both informal and formal, within an organisation. The output is a risk-based remediation task list that allows an organisation to address its risks in a structured manner. The remediation output will include advice and guidance and, where possible, supporting resources such as policy and procedure templates and other supporting documents, which may include records of processing, risk registers and similar material.
A review of your current compliance with data protection laws will allow your organisation to identify any existing risk areas that may need further action, and demonstrate that you are actively meeting your legal requirements in relation to personal data. We can produce a remediation plan that can be used for ongoing improvement planning within your organisation.
We have experience in producing gap analysis reports, identifying the current status of organisations across many industries and geographic locations. We understand the work required to become compliant with the relevant laws, regulations and standards governing organisations around the world.
Our objective is to provide a clear path for an organisation to follow. The ICO (Information Commissioner’s Office) requires all organisations to identify and manage data protection and cyber security risks, and these types of review deliver on this requirement for most organisations.
Seeking a formal or informal review of your legal and regulatory controls within your industry?
Evolve North can deliver audits, reviews and gap analysis against a variety of data protection and cyber security standards, including but not limited to:
- ISO 27001:2022.
- ISO 27002:2022.
- PCI DSS (Payment Card Industry Data Security Standard).
- NIST (National Institute of Standards and Technology).
- NIS (Network and Information Systems Regulations 2018).
- Cyber Essentials.
- IASME Cyber Assurance.
- NHS Data Security and Protection (DSP) Toolkit.
- PECR (Privacy and Electronic Communications Regulations).
- ePrivacy Regulations.
- Cyber Insurance due diligence response.
Industries
Evolve North works across a wide range of industries throughout the UK and Europe, in the public, private and voluntary sectors.