Case Study One:
We worked with a UK technology business with fewer than 150 staff. The client had several audits scheduled. These were to include a focus on data protection and classification.
We reviewed and simplified their Data Classification policy, ensuring it met their own and their clients' needs, and presented it back to the client in a way that helped their staff understand the policies and their roles in handling data.
We redesigned the Data Privacy and Protection Policies along with the Classification and Breach Policy into a single easy-to-follow policy. This enabled us to deliver more regular and focussed awareness sessions to build staff engagement and knowledge.
We mapped role-based access control to systems and data classifications to ensure the client’s new access control system was manageable, focused and resilient.
We designed and implemented a security incident response and communications plan with test dates, building the client’s confidence to manage a crisis and return to business swiftly or without interruption.
Case Study Two:
We were engaged by a UK FinTech business with under 200 staff and an impressive global footprint. The challenges presented included building Privacy and Security awareness and compliance to better meet growing client expectations.
We re-engineered their approach to Privacy and Security, reducing lengthy policy documents from 22 to 3 and encompassing policy decisions within tailored, more relevant policy, meeting and exceeding the requirements of ISO27001 and Cyber Essentials Plus along the way. We tested this new approach, with the client's support, when we delivered a presentation to a well-attended law conference. We received excellent feedback from several established law firms on our approach. Having redesigned the security and privacy approach, we delivered quarterly awareness briefings to the client's staff with much higher rates of engagement, understanding and feedback. These enhancements led to much greater efficiency in onboarding new starters and much swifter responses, often ahead of time, to client contract risk and security questionnaires.
Our client was delighted as we reduced time and spend overheads whilst driving up performance and security. We positioned the client to win several new contracts marketing their security and privacy performance. We reduced onboarding time and improved quality for new starters (and leavers). Finally, we delivered quarterly company-wide awareness sessions with staff actively engaged with regular feedback.
Case Study Three:
The client was a UK Technology business with fewer than 150 staff, providing services to larger businesses.
The challenges the client presented were to reduce Data Breach exposure and to build response capabilities for data loss events.
The opportunities we presented to our client and delivered were to refine Identity and Access Management, reducing reliance on passwords and phrases, and to design and deploy more secure Passwordless multi-factor authentication, reducing their exposure to potential data breaches immediately by 80+%. In redesigning the process, we saved 85% of time and spend on IT Service desk password query matters, freeing up staff time to undertake other more useful tasks and to win more clients. We designed and delivered a tailored incident response and communications plan which supported the client as they recertified for ISO27001 and achieved Cyber Essentials Plus.