Data compliance and governance

Regulatory compliance is of growing importance within every sector, from manufacturers maintaining ISO certifications to law firms complying with SRA regulations. Without effective data governance, how confident can your organisation be that it is adhering to the appropriate regulations?

Quiss has a long history of helping clients instigate effective data governance and compliance measures as part of the ongoing delivery of managed IT services. Now we make this expertise available as a standalone service to ensure your business is compliant, whatever it is you do.

Our team is ready to help you overcome the data challenges you face, with a particular focus on these areas:

Security audits and reviews – Benchmark your business/department against recognised best practice and receive a maturity report showing where your strengths and weaknesses are.

Data Privacy assessments – Benchmark personal data risk and exposure based on best practice models and receive a report showing where risks are hiding.

Recommendations for improvements – Receive recommendations for improvements against any identified weaknesses.

Risk Assessments – Get assistance with building meaningful risk assessments that allow you to make informed decisions.

Policy assistance – Advice on developing policies that address ISO security controls.

Project assistance with ISO standards and Cyber Essentials – If you have an aspiration to achieve an ISO standard, or Cyber Essentials, then you may need formal guidance on milestones and what constitutes compliance with the standard. Quiss can help you put these milestones in place and help you achieve them.

Assistance with questionnaires – Many questionnaires are written by technical people for technical people. If you do not have an in-house resource, then maybe we can help guide you to the right answers.

Informal advice on security/data privacy – Struggling with the governance or legal premise of compliance, but do not wish to engage formally with a specialist company? Quiss can help you take a view on situations and risk assess them to reduce the chance of paying out high fees to fix low risk.

Until we talk, it’s hard to explain in detail how these would be delivered, but typically our clients pay for a number of hours in advance, based on expected requirements and our recommendation.

The various services are offered on an hourly, half-day or day-rate basis that you can call off as you need our support – whatever works best for you, to keep you compliant as your business changes.

Andrew Mountstephens leads the Quiss data compliance and governance team

Andrew is our Information Security Manager and has had an extensive career working on innovation in digitised document management services for large financial and government entities.

Originally a hands-on application engineer who gravitated to management, looking after multiple types of technical teams from presales to implementations and operations, he later became involved in the security and governance aspects of digital security as part of early adoption by leading companies.

Over time his skills have transferred from networking and applications into security best practice. Andrew has held professional qualifications including CISSP (Certified Information Systems Security Professional) and CISA (Certified Information Systems Auditor) for over 10 years and has become an expert in security best practices and the auditing of effectiveness.

He also has qualifications in GDPR and experience in many forms of governance and standards including quality, environmental, health and safety, business continuity, legal admissibility in a court of law, shredding and destruction.

If you have any concerns over data compliance and governance, in both digital and physical formats, within your business, please get in touch today for the experienced support you need.