Compliance Services

Due to the nature of business, many industries are required to store sensitive information on their systems.
Hospitals for example store sensitive medical records, insurance companies need to know about driving offences and previous convictions and online businesses will often store the credit card details of the people who buy from them.

In recent years the numbers of regulations and standards involving information security have risen sharply.

While some such as the Payment Card Industry Data Security Standards (PCI DSS) are very technical in nature they are relatively clear on the steps required in order to become compliant.

At the same time, others such as the Data Protection Act and Sarbanes-Oxley (Section 404) could be considered vague on the specifics of what they are looking for in terms of information security policies, technologies and processes.

As we are an ISO 27001certified company, we help our clients implement a system based on the foundations of this standard. ISO 27001is globally recognised as best practise and deals solely with information security, so taking this approach will generally satisfy the vast majority of  mandated information security compliance issues.

This is of great benefit for organisations that must comply with numerous regulations, as it is often a case of satisfying all information security compliance issues with one approach.