Pragmatic Specialists | Data Protection | Information Security
GDPR | PECR | BS10012 | CIPP/E | ISO27001 | Cyber Essentials | PCI-DSS
When it comes to Data Protection Officer (DPO) and Chief Information Security Officer (CISO) roles, it is often not feasible for companies to recruit the required levels of competency and independence on a full-time basis.
You can benefit from our highly experienced data protection and information security advisors, using an "on-demand" virtual resourcing model. We assign a named senior specialist to each client, who will first establish appropriate governance and control models, before moving to a part-time "assure and advise" position as appropriate for your needs.
Our senior specialists can be held on retainer, providing the business with ad-hoc advice and guidance when required, while technical specialists can also be introduced to support with specific control enhancement projects.
Outsource your DPO and CISO roles to DataGRC specialists.
Read more about outsourced DPO and CISO Services.
Visit our DPO.Business intelligence website to read more about privacy laws and industry news.
How do you know if you have the right governance and controls in place?
Our privacy and security subject matter specialist auditors take time to understand the business, governance, risks and controls, before highlighting potential gaps and opportunities for your organisation.
Our team can also be deployed to provide supply chain assurance for your vendors and third parties.
We often use well-established standards to assess business against peers, including:
Assessors can be deployed as part of your business team, as part of your audit team, or as an independent review body.
We can also provide controlled access to the DataSentinel.online assessment solution, to record evidence, findings, recommendations, comments and approvals.
Read more about Privacy and Security Assessment | Assurance | Audit.
Identifying control gaps is only the first part of the challenge.
Remediation activities that provide sustainable benefit to the business often require specialist resource to understand the requirements, choose the most appropriate solutions, manage stakeholders, deliver technical change, and embed that change into the organisation.
DataGRC resource can be made available on a "plug-and-play" basis, as appropriate to you and the change, providing the right people and competencies at the right time.
Recent projects have ranged from the initiation and delivery of corporate GDPR programmes, to bespoke delivery of technical security controls.
Read more about Privacy and Security Planning | Remediation | Programmes.
We believe that staff competency is one of the most important controls for privacy and security.
Our "practitioner trainers" have worked with over 600 participants, including executive teams and functional specialists, to help them understand their risk and compliance obligations.
We also provide online training courses (with tests and attestations) and awareness materials (screen savers, posters, etc.) to help drive appropriate behaviours across all staff.
Read more about the DataSentinel.online privacy and security training solution...
GDPR has helped many organisations to understand the complexities of data and process documentation, which is required for effective privacy and security management. Organisations that have implemented industry standards for quality and management systems, such as BS10012 or ISO27001, will also be very aware of the challenges.
The documentation needs to cover multiple, interlinked dimensions. For example, processes, information/software/hardware assets, risks, controls and monitoring. Businesses quickly found spreadsheets to be too limiting.
DataSentinel.online has been developed by privacy and security practitioners, so that business teams can easily handle governance, risk and compliance information.
Key modules include:
Read more about the DataSentinel.online Compliance System...
+44 (0) 208 133 0242