Many organisations do not have the necessary expertise internally to know which Data Protection and Information Security policies are needed or how to prepare them.
Our policy development service can bring clarity on what you need to do to demonstrate compliance with data protection laws and information security standards.
Our consultants have experience of working with large and more complex organisations, public sector bodies and SMEs helping them to ensure they have the right policies in place.
The purpose of Information Security Policies is to provide a strategic focus and direction for information security management within an organisation, to define agreed rules to ensure best practice security is applied.
The aim of information security policies is to address security threats and implement strategies to mitigate information security risks, and how to recover when a malicious attack occurs. They also provide a guideline to employees on what to do and what not to do, ultimately to try to keep your organisation secure.
Data Protection Policies set out how your organisation protects and processes personal data. They lay out a set of principles, rules and guidelines that inform how you will ensure ongoing compliance with data protection laws.
We determine which policies are required for your organisation and assist you with reviewing, revising and/or developing policies.
BH Consulting advise on the appropriate cybersecurity and data protection policies, guidelines, codes of practice and system safeguards which should be in place to protect personal and sensitive data.
BH Consulting conduct a review of the information security and/or data protection policies in place, which will entail the following;
- Gap analysis of policies and procedures with respect to regulatory requirements and scope
- Development of any missing policies, ensuring they properly reflect the working environment
The policies will be developed in collaboration with key staff.
Other tasks which may be undertaken if required:
- Check staff awareness of the relevant processes and procedures in place
- Provide advice around utilising audit logs and other evidence to demonstrate that policies, processes and procedures are being adhered to
Typical Cybersecurity Policies
Typical Data Protection Policies
This service can be carried out remotely.