Eurotek NS offer advice and guidance on all aspects of information compliance whether relating to legal, regulatory or internal policy and procedures.
There are frequent news items of well known brands suffering security breaches and brand damage, highlighting the importance of good corporate information governance. In the UK the vast majority of security breaches are not made public, we help organisations proactively plan how they will communicate and manage compliance gaps and security incidents with their internal and external stakeholders.
Although your legal department may be well versed in the legal aspects of compliance, not least to the data protection act, implementing the controls can be complicated, some of the legislation can seem to offer conflicting advice.
For example the FSA regulations state that for UK financial services organisations that phone calls should be recorded, where the same business takes credit card payments from clients they are bound by the PCI DSS standards. PCI DSS mandates that you must not record or store the details of the credit card number, even in voice recordings.
Some of the more common legislation clients need assistance with are:
COMPLIANCE AUDIT / GAP ANALYSIS
- BS17799 (ISO 27001) gap analysis
- Data Protection Act notification and compliance
- Human Rights act, Freedom of information act
- Intellectual property rights, copyright law
- Asset & software license audit
- Formal certification to BS17799 / ISO 27001 / PCI DSS
- Ongoing compliance audits
- Gap analysis for out of scope systems
- Security improvement programme
- Maintenance of registration through organisational change
SECURITY POLICY & STANDARDS
- Policy review Security policy design and enforcement
- Standards & process design
- Security Roles & responsibilities
- Change control management
CHANGE CONTROL RISK ASSESSMENT
- Methodology and tool selection
- Risk acceptance levels, criteria for decision making
- Corporate Information Governance
- Define risk appetite
- Evaluate mitigating controls