IT Security Review
With the ever-present threat of cybercrime, including identity theft, theft of trade secrets, ransomware and the hijacking of financial transactions, to name a few, it has never been more important to examine your information technology and put steps in place to secure it.
Cybercrime can cost your business thousands of pounds in a matter of seconds and could easily put you out of business.
Many small to medium sized businesses mistakenly think that their IT systems are secure, or trust their IT staff or IT providers to have all the bases covered.
Unfortunately, many IT staff and third-party IT network/support providers are not security experts and quite often miss basic security principles.
Ask yourself these questions:
- Are the laptop hard drives used by your organisation encrypted?
- Can people in your organisation access files and systems from anywhere outside the office?
- Does your IT supplier have constant, unchecked access to your IT systems?
Under most circumstances, answering no to the first question, or yes to either of the other two, would likely see you fail PCI DSS, ISO 27001 and, in practice, GDPR.
Even if PCI DSS and ISO 27001 are not on your to-do list, securing your systems for GDPR should be.
We also know that the GDPR is not prescriptive about IT security, and so many companies will not have included any IT changes in their GDPR programme.
However, after your people, your technology is going to be your weakest link in protecting personal data. In fact, how your people use IT is the predominant reason breaches happen. GDPR Auditing have 50 years' combined experience of IT and IT security, and class IT security for GDPR as their specialist area.
Our audit is based on PCI DSS 3.2.1 security practices, widely regarded as the gold standard for keeping financial (card) data secure. We apply the same standard to personal data.
Our IT security audit is aimed at those areas of your business responsible for building, buying, implementing and operating your IT systems, and at those people responsible for managing IT services and providers.
Understanding your compliance gaps
Your IT security compliance gaps will be clearly documented, and we will talk you through them to ensure you understand them.
We will provide you with a prioritised list of findings and a clear set of recommendations.
The IT Security Review will cover:
- System build and configuration
- Vulnerability management and patching
- Network security, firewalls and network devices
- Resilience, availability and disaster recovery
- Identity and Access Management
- Role Based Access Control
- IT Security management and governance
- Security Architecture
- Logging and Monitoring
- Incident Management and Breach Reporting
- Security of cloud services (AWS, Azure and others)
- Security of cloud based productivity solutions (Office 365, Google Docs)
- Security Scanning and Penetration Testing
- GDPR-specific areas:
- Privacy by Design
- Data Protection by Default
- Data deletion and right to be forgotten
- Audit Trails and Accountability