Compliance Support Guidance
PrimoConnect can provide experienced compliance support and guidance for respected cyber certifications, standards and regulations, including Cyber Essentials / Cyber Essentials Plus, ISO 27001, PCI DSS and GDPR.
Cyber Essentials / Cyber Essentials Plus
Two of the best-known cyber certifications available are Cyber Essentials and Cyber Essentials Plus. They help you to guard against the most common cyber threats and demonstrate your commitment to cyber security. Our consultants run a gap-analysis exercise and provide subsequent guidance to help prepare your business to become Cyber Essentials (Plus) certified.
ISO 27001:2013 (ISO 27001) provides a framework of policies, procedures and controls to address legal, physical and technical information security risks to your business.
Based on Annex SL, ISO 27001 can be easily implemented with existing standards such as ISO 9001 or operate as a standalone system.
ISO 27001 is suitable for any organisation that wants to improve information security and build a culture of continual improvement.
ISO 27001 is the world's most recognised Information Security Management System and is seen as the global Gold Standard in information security.
One of the biggest barriers to managed services adoption according to the Claranet Research Programme is data security, with seventy-one per cent of respondents saying it was an important concern to consider before migrating to a cloud provider.
For businesses reliant on e-commerce, the safeguarding of customer financial data is crucial in retaining customer trust. Without it nobody will buy from you, and it doesn’t matter who it is in the e-commerce transactional chain who messes up; if a customer bought from your site, any problems will be blamed on you.
Consequently, the thinking amongst many IT managers seems to be that the closer data and processes are to their chests, the safer they are, so they try to keep as much in-house as possible.
However, this logic isn’t necessarily sound. While everyone in the e-commerce transaction chain (below) must be PCI DSS compliant in their own right, the burden of making sure all the key tenets of PCI DSS compliance are enforced all the time, along with the management of internal infrastructure, puts more pressure on in-house IT departments, ultimately leading to data security issues.
Every company has a requirement to ensure that their organisation adheres to the General Data Protection Regulation (GDPR) legislation. There is an opportunity to use the GDPR to review current policies, structures, processes and technology and, as well as ensuring that all privacy obligations are met, to use the exercise to enhance and improve working practices.
PrimoConnect can provide GDPR gap analysis audits and guidance for compliance.
GDPR came into force on 25th May 2018. Our GDPR compliance support engagement is designed to assess the readiness of customers to adhere to the key principles of GDPR and prepare a plan of action to be ready for GDPR as soon as possible.