Evolve North can deliver audits, reviews and gap analysis against a variety of data protection/cyber security standards and these include, but are not limited to:
- ISO27001 2022.
- ISO27002 2022.
- PCI DSS (Payment Card Industry Data Security Standard).
- NIST (National Institute of Standards and Technology).
- NIS (Network and Information Systems Regulations 2018).
- Cyber Essentials.
- IASME Cyber Assurance.
- DSP Toolkit (NHS).
- PECR (Privacy Electronic Communications Regulations).
- e Privacy Regulations.
- Cyber Insurance due diligence response.
Additionally, we can deliver reviews against more ‘principle’ based regulation including the UK GDPR/Data Protection Act that can assist an organisation in ensuring it is meeting the intent of that regulation. This approach is industry based: it is tailored to the risks within an organisation and delivers a proportionate approach to ensuring compliance and protecting data subjects. We utilise a multi-skilled team that includes ISO27001/2 Lead Auditors, PCI DSS Professionals, Certified Information Systems Auditors, Cyber Essentials Authorities and GDPR Practitioners.
Our approach to all variants of this type of review is a ‘hands on’ practical, interview, and evidence based exercise. This method is designed to establish the existing approaches, both informal and formal, within an organisation. The output of this is a risk based remediation task list that allows an organisation to address its risks in a structured manner. The remediation output will include advice and guidance and, where possible, supporting resources that can include policy and procedure templates and other supporting documents that may include record of processing/risk registers etc.
Our objective is to provide a clear path for an organisation to follow – the ICO (Information Commissioner’s Office) requires all organisations to identify, and manage, data protection and cyber security risks and these types of reviews deliver on this requirement for most organisations
“Having Evolve North support our board meetings really supported the work we are doing to safeguard our staff and customers”
Head of Operations, European Financial Services.
“Cyber Essentials Plus was essential for us to attain, and the Evolve North team made it possible”
Operations Director, UK Non-Profit
“Given our size, the vDPO service just made sense, as we couldn’t hire this role internally for several years to come”
CTO, UK Marketing Agency
“The Gap Analysis (UK GDPR, ISO 27001 & Cyber Essentials) just made things along clearer and proving our Data Protection roadmap for next 12momths”
Head of IT, Insurance Broker
“We’ve partnered with Evolve North for PCI DSS & ISO7001 support and they’ve always been there when we’ve needed them”
Programme Director, UK Hotel Chain
“They provided clarity across our M365 data and compliance services, our chaotic Microsoft licencing and our complex NHS environment”
Digital & Change Lead, UK NHS Trust
“After pushing through our Cyber Essentials and ISO27001, their quarterly Penetration Testing & Vulnerability scanning just made sense”
CTO, UK Housing Association
“Quick and easy method to get Cyber Essentials. Lots of support when needed”
IT Manager, UK Law Firm
“Just having the annual support days in place, meant we could tackle incidents and third-party onboarding easily”
Director of Tech, UK Hospitality Organisation
Industries
Evolve North works across a wide range of differing industries throughout the UK and Europe in both public, private and voluntary sectors.