We are a group of people passionate about data protection and privacy. We love protecting our clients' data. We do not simply advise but actually work with our clients to develop a culture of understanding and valuing their critical data. This means nurturing and supporting them as their organisations explore opportunities in cyberspace and internet-based technologies. We have experience of large and complex technology-led change and transformation programmes.
We work in both the public and private sector, in regulated and unregulated industries such as:
- Central Government – DETR, DCLG, MOD, BIS, HMRC
- Finance – VISA Europe, Bank of England, Post Office
- Retail – The Post Office
- Media – Reuters
- Health – NHS Connecting for Health
- Telecoms – BT
- Service Providers – Capita
We have been providing IT, information and cyber security services for nearly 20 years. Our first consulting project started in January 1998, designing a firewall solution based on TIS Firewall Toolkit for the Department of Transport and Regions (DETR), as it was known back then. Since then we have had many such projects, designing, implementing and supporting complex security solutions for many of our discerning clients.
What are we good at?
Well, many things but we are particularly good at:
- Data Protection – DPA and GDPR – we are specialising in GDPR, having built expertise in DPA over the last 20 years. Please do read our blogs.
- ISO27001 – we have lots of experience of ISO27001, including Lead Auditors.
- IT Health Checks, Penetration Testing – scoping, managing, remediation: we have scoped, arranged and managed many for clients using specialist high-end pen testers, and followed up with remediation activities etc.
- Application security frameworks, methodologies, best practices such as OWASP, CWE25 – advice but not coding
- HMG Security policy framework and standards
- We have experience of Cloud services, architecture, hosting models, SaaS, PaaS, IaaS, Hybrid Cloud security
- Risk Assessment and Risk Management – Setting up and managing risk register, risk reporting, risk treatment
- Business Continuity, Contingency Planning and Crisis Planning
- We are very good at designing, implementing and testing incident management processes as well as dealing with incidents and breaches.
- Security Strategy and Security Frameworks
- Security Architecture and Design
- We have experience of data centre selection and audits, and supplier audits
- We can also help with PCI-DSS; we can assist with security controls and attestation.
- We are good at auditing and assessments
- We are very good at supplier due diligence, supply chain risk assessments, and audits
- We are particularly good at working with senior stakeholders and getting buy-in for data protection
- We are excellent at raising security awareness and cultural change across the organisation in a fun way.
Our consultants hold the following qualifications and certifications:
GDPR-F, GDPR-P, CISSP, CISA, CISM, CRISC, TOGAF, ISO27001 Lead Auditor, CCP, ISACA Cybersecurity, CCNA and ITIL Expert.