Compliance
Navigating the complex world of regulations and legal requirements can be daunting, but it’s essential for protecting your business and maintaining trust.
DORA
The Digital Operational Resilience Act (DORA) is an EU regulation designed to ensure that financial institutions can withstand and respond to cyber threats and operational disruptions, by establishing uniform requirements for cybersecurity, incident reporting, and third-party risk management across the financial sector.
NIS2
The second iteration of the Security of Network and Information Systems Directive (NIS2) is an EU cybersecurity directive that aims to strengthen the security of critical infrastructure by widening the scope to more sectors, imposing stricter security requirements, and enhancing cooperation and information-sharing between EU member states to better protect against and respond to cyber threats.
GDPR
The General Data Protection Regulation (GDPR) is a comprehensive EU law that governs the collection, processing, and storage of personal data, granting individuals significant rights over their data while imposing strict obligations on organisations to ensure data privacy, transparency, and security, with substantial penalties for non-compliance.
PSD2
The Payment Services Directive 2 (PSD2) is an EU regulation that aims to make electronic payments more secure, boost innovation, and enhance consumer protection by enforcing strong customer authentication, enabling third-party providers to access bank account information with user consent, and promoting competition in the financial services sector.
DSA
The Digital Services Act (DSA) is an EU regulation designed to create a safer and more accountable online environment by establishing clear responsibilities for online platforms, enhancing transparency in content moderation, and imposing obligations to prevent the spread of illegal content, protect users’ rights, and ensure greater accountability from large digital platforms.
DMA
The Digital Markets Act (DMA) is an EU regulation aimed at promoting fair competition in the digital economy by imposing strict rules on large online platforms, known as “gatekeepers,” to prevent anti-competitive practices, ensure market openness, and protect the rights of businesses and consumers in the digital marketplace.
eIDAS
The EU Regulation on Electronic Identification and Trust Services (eIDAS) establishes a standardised legal framework for secure electronic identification and trust services across the EU, ensuring the validity and interoperability of digital transactions across member states.
ePrivacy
The ePrivacy Regulation (upcoming) is an EU regulation intended to complement the GDPR by focusing specifically on the privacy and confidentiality of electronic communications, including rules on the use of cookies, direct marketing, and tracking technologies, ensuring that users’ online activities are protected with clear consent requirements and stricter controls over data processing.
DPO & CISO
The Data Protection Officer (DPO) is a key role within an organisation, responsible for overseeing data protection strategies and ensuring compliance with data privacy laws, such as the GDPR.
The Chief Information Security Officer (CISO) is a senior executive responsible for developing and implementing an organisation’s information security strategy.
Both roles are offered as Officer-as-a-Service.
Standards
In today’s global marketplace, adhering to international standards is not just about compliance—it’s about demonstrating your commitment to excellence.
ISO 27001
ISO/IEC 27001 is an international standard that provides a framework for managing and protecting sensitive information through a systematic approach to information security, ensuring risk management and compliance.
ISO 27701
ISO/IEC 27701 is an international standard that provides a framework for managing and protecting personal data, reducing privacy risks, and demonstrating compliance with privacy laws.
SWIFT CSP
The SWIFT Customer Security Programme (CSP) is a mandatory set of security controls designed to protect financial institutions’ SWIFT-related infrastructure from cyber threats, ensuring secure and resilient international financial transactions.
Governance
Effective cyber governance is the backbone of a secure and resilient organisation. It focuses on creating and maintaining a robust framework that aligns your cybersecurity strategy with your business objectives.
Policy
Policy development involves creating comprehensive guidelines and procedures that govern an organisation’s cybersecurity practices, ensuring consistent protection and compliance across all operations.
Risk
Risk assessment and management involves identifying, evaluating, and prioritising potential cybersecurity risks to an organisation, followed by implementing strategies to mitigate, monitor, and control those risks to protect assets and ensure business continuity.
Incident
Incident response involves developing and executing a structured approach to detect, contain, and recover from cybersecurity incidents, minimising damage and ensuring a swift return to normal operations.
Continuity
Business Continuity Planning (BCP) involves creating strategies and procedures to ensure that an organisation can maintain or quickly resume critical operations during and after a disruptive event, such as a cyberattack, ensuring minimal impact on business functions.
3rd Party
Third-party risk management involves assessing and mitigating the cybersecurity risks posed by external vendors, partners, and service providers to protect an organisation’s data and systems from vulnerabilities that could arise from these external relationships.
Cloud
Cloud security governance involves establishing policies, procedures, and controls to manage and secure data, applications, and services in cloud environments, ensuring compliance, protecting against threats, and aligning cloud usage with organisational goals.
Intelligence
Threat intelligence involves gathering, analysing, and applying information about current and emerging cyber threats to help an organisation anticipate, prevent, and respond to potential attacks more effectively.
Forensics
Digital forensics involves the identification, preservation, analysis, and documentation of digital evidence from electronic devices and networks, typically following a cyber incident, to uncover the cause, impact, and perpetrators of the attack.
Board Advisory
Board cyber advisory involves providing strategic guidance and expert insights to an organisation’s board of directors on cybersecurity risks, policies, and strategies, ensuring that cybersecurity is integrated into the overall business strategy and governance practices.
Supply Chain
Supply chain security involves protecting an organisation’s supply chain from cybersecurity threats by assessing and mitigating risks associated with third-party vendors, ensuring that all components of the supply chain maintain robust security standards to prevent breaches or disruptions.
Strategy
Strategy development involves creating a comprehensive plan that outlines an organisation’s long-term approach to cybersecurity, aligning security goals with business objectives, and defining the necessary actions, resources, and timelines to achieve a strong security posture.
Monitoring
Compliance monitoring involves continuously tracking and evaluating an organisation’s adherence to relevant laws, regulations, and industry standards, ensuring that all cybersecurity practices remain up-to-date and in line with legal and regulatory requirements.