The Challenge

Many organisations do not have the necessary expertise internally to know which Data Protection and Information Security policies are needed or how to prepare them.

Our policy development service can bring clarity on what you need to do to demonstrate compliance with data protection laws and information security standards.

Our consultants have experience of working with large and more complex organisations, public sector bodies and SMEs, helping them to ensure they have the right policies in place.

The Service

The purpose of Information Security Policies is to provide a strategic focus and direction for information security management within an organisation, and to define agreed rules that ensure best-practice security is applied.

The aim of information security policies is to address security threats, implement strategies to mitigate information security risks, and set out how to recover when a malicious attack occurs. They also give employees guidance on what to do and what not to do, ultimately to help keep your organisation secure.

Data Protection Policies set out how your organisation protects and processes personal data. They lay out a set of principles, rules and guidelines that inform how you will ensure ongoing compliance with data protection laws.

We determine which policies are required for your organisation and assist you with reviewing, revising and/or developing policies.

BH Consulting advise on the appropriate cybersecurity and data protection policies, guidelines, codes of practice and system safeguards which should be in place to protect personal and sensitive data.

BH Consulting conduct a review of the information security and/or data protection policies in place, which will entail the following:

  • Gap analysis of policies and procedures with respect to regulatory requirements and scope
  • Development of any missing policies, ensuring they properly reflect the working environment

The policies will be developed in collaboration with key staff.

Other tasks which may be undertaken if required:

  • Check staff awareness of the relevant processes and procedures in place
  • Provide advice around utilising audit logs and other evidence to demonstrate that policies, processes and procedures are being adhered to

Typical Cybersecurity Policies

  • Information Security Policy (Over-Arching Policy)
  • Password Policy
  • Bring Your Own Device (BYOD) Policy
  • Mobile Computing Policy
  • Clear Screen / Clear Desk Policy
  • ISMS Improvements Policy
  • ISMS Policy
  • Social Media Policy
  • Acceptable Use Policy
  • Business Continuity
  • Change Management
  • Encryption and Key Management
  • Information Security Incident Response
  • Remote Working Policy
  • Third Party Management

Typical Data Protection Policies

  • Privacy Policies (for employees and for use on websites)
  • Data Breach Policy
  • Subject Access Rights Policy
  • Data Retention Policy
  • Data Protection Impact Assessment Policy (including a Privacy by Design Policy)

This service can be carried out remotely.

The Benefits

  • Mitigate your Information Security risks
  • Demonstrate your compliance with Data Protection laws
  • Align with, or prove compliance with, industry standards
  • Protect your organisation from malicious attacks
  • Protect valuable data
  • Increase trust and credibility among staff and third parties

Let’s Talk

Please leave your contact details and a member of our team will be in touch shortly.