Turning compliance requirements into ways to improve a Business

#ISO27001 | #GDPR | Helping companies manage compliance requirements and security risks – cyber, electronic and paper records, people, process, data protection legislation, physical access and business continuity –  in a way that delivers tangible business benefits and avoids issues that lead to financial loss and reputational damage

Details on five ways we can help YOUR business >>

Protect your Information, Protect your Reputation

Manage Security Risks

Manage security risks

We help you manage all types of security risks; people, cyber, physical access, process and business continuity.

Get ready for GDPR

Data Protection/GDPR 

We strip away the fear and myths to explain what is required to meet the GDPR and Data Protection Act 2018 requirements. And we can talk to you about Marketing (PECR) as well

Answering Information and Cyber Security questions

Dependable Advice

We will answer any questions you have about Information and Cyber Security and ISO27001.

We don’t do IT. We don’t sell products.
We give honest and practical advice on best practice to manage all the security risks to your business, and help you develop and implement programmes to integrate security and good data governance into your culture so you avoid data breaches and compliance issues that lead to financial loss and reputational damage.

View All Features

Our Blog

This blog was written after recently working with different companies on their Information Security Management Systems (ISMSs).  The ISO27000 standard – the Overview and vocabulary part of the ISO27nnn series – defines an ISMS as consisting of “policies, procedures, guidelines, and associated resources and activities, collectively managed by an organization, in the pursuit of protecting its… Read More

Continue Reading

Meeting the General Data Protection Regulation (GDPR) requirements isn’t a one-off ‘set and forget’ activity. Ongoing work is needed to ensure the requirements continue to met, this is covered by the Accountability principle in Article 5. It states that the controller “shall be responsible for, and be able to demonstrate compliance with, paragraph 1”; and… Read More

Continue Reading

The CNIL (the French Data Protection Authority) received 742 notifications of personal data breaches (and see the original report in French) that affected over 33 million individuals located in France or elsewhere. 695 related to confidentiality breaches. The accommodation and food services sector had the highest number of breaches – 185. This is due to a specific case… Read More

Continue Reading

You click Delete and your data is gone…..or is it? The IT infrastructure and services you use will not remove it straight away as you may need to recover it if the deletion was accidental, or it may need to be retained to meet legal requirements. For Google users, there are details of their four stage process… Read More

Continue Reading

An important step to effectively manage information security risks is identifying how many information Classifications you have. The ISO27001 standard supports through clause 8.2.1 “Information should be classified in terms of legal requirements, value, criticality and sensitivity to unauthorised disclosure or modification”.  There is no standard answer to how many are needed. It is one… Read More

Continue Reading

The explanation is simple but could be worrying for companies that aren’t managing risks to their business. The cyber threat to UK legal sector report has details about a £35,000 loss to a mid-sized law firm with a multi-million pound turnover from a phishing attack. A combination of social media posts from a senior partner… Read More

Continue Reading
View Blog