The General Data Protection Regulations are the biggest shake-up to Europe’s privacy laws in decades. The regulations have been enforceable by the ICO since May 2018, and breached organisations face fines of up to 4% of annual turnover. EU data subjects have more rights over how their personal data is controlled and processed, and there are strict procedures for companies to follow in the event of an access request or data breach.
Tantivy’s data privacy experts apply our discovery and assessment methods to validate your compliance against the regulations. Following GDPR guidelines, we then produce a Data Inventory, mapping the data flow for different data types, resulting in a better understanding of the personal data stored and how it is managed (controlled) and retained. Drawing on our experience and GDPR Toolkit, Tantivy deliver GDPR compliance projects, end-to-end. Organisations also come to us for vDPO services. More information on our virtual Data Protection Officer services can be found here.
Finally, if you already have internal expertise and are only seeking the Tantivy GDPR document toolkit, this can be purchased as an off-the-shelf product. The Tantivy GDPR Toolkit includes:
- 24 Policies (incl. Data Protection, Cybersecurity, Access Control, Acceptable Use, etc.)
- GDPR Process templates (incl. Impact Assessment (DPIA), Access Management Processes)
- GDPR Planning templates (i.e. Data Breach Management)
- GDPR Self Audit Procedure & Report template
Contact us for further details.
ISO/IEC 27001, published by the International Standards Organisation (ISO), is a set of standards that help organisations create and maintain effective information security, centred on the principle of continuous improvement. As a control framework for virtually every aspect of information security, it contains guidelines for developing an information security management system (ISMS), which is a framework of policies and procedures aimed at building strong information risk management processes. It includes legal, physical, and technical controls involved in cybersecurity.
Tantivy’s ISO27001 Experts will lead you through the requirements to meet the Standard, working with you to produce the information asset register, complex risk assessments and treatment plans, in addition to all other policies and processes. This is a complex programme, and implementing and maintaining it often requires transformational change. Our change philosophy is that successful change requires engaged people – we will draw on our experience to deliver the transformation smoothly. With our security experts and ISO27001 Toolkit, Tantivy deliver ISO27001 compliance projects, end-to-end.
If you already have internal expertise and are only seeking the Tantivy ISO27001 document toolkit, this can be purchased as an off-the-shelf product.
Contact us for further details.
Cyber Essentials and Cyber Essentials Plus are UK government information assurance schemes operated by the National Cyber Security Centre (NCSC) that encourage organisations to adopt good practice in information security. Cyber Essentials helps you to guard against the most common cyber threats and demonstrate your commitment to cyber security.
Tantivy are working towards becoming a Cyber Essentials Certification Body and look forward to working with you to achieve recognition for your commitment to cyber resilience.
The IASME Governance standard, based on international best practice, is risk-based and includes aspects such as physical security, staff awareness, and data backup. The IASME standard was recently recognised as the best cyber security standard for small companies by the UK Government, in consultation with trade associations and industry groups. The IASME governance self-assessment includes the Cyber Essentials assessment as well as an assessment against the requirements of the GDPR. The audited IASME certification (GOLD) is seen as a realistic alternative to ISO27001 by an increasing number of companies.
Tantivy are working towards becoming an IASME Governance Certification Body and look forward to working with you to achieve recognition for your commitment to cyber resilience.