The right approach to information security is vital in achieving GDPR compliance, but for many organisations it could require a major revision of their security strategy and tactics. With compliance mandatory by May 25th, 2018, there's little time to lose.
Unlike many checkbox-driven compliance programmes, the GDPR is a risk-based framework. Because it covers personal data, GDPR focuses on having the right governance structure, policies and operational practices, as well as monitoring, detection and response processes in place. For these reasons, there are important implications for information security practice, which could require significant changes for organisations that aren't already prepared.
To help you identify gaps in the information security measures necessary for GDPR compliance and to get your security operations and processes ready for the GDPR, Secureworks' consultants and GDPR practitioners can help you across four GDPR-specific streams of work.
- A Secureworks GDPR Controls Assessment engagement helps organisations identify the data in and out of scope of GDPR, build data flows, and understand their current state of maturity and gaps in security practice against the GDPR standards for information security and incident response practices, in order to produce a roadmap to compliance.
- A Secureworks GDPR Programme Development engagement is a highly tailored approach to help build appropriate measures to meet each organisation's specific requirements for compliance with the GDPR.
- A Secureworks Data Protection Impact Assessment engagement helps manage risks to personal information. Secureworks can help build the DPIA process, as well as help organisations undertake regular DPIAs when new projects, services or third parties come into scope of the GDPR.
- A Secureworks GDPR Programme Assurance engagement is key to testing, operating and managing compliance from initial implementation through to ongoing assurance exercises and testing.
In addition, Secureworks offers Monitoring, Detection and Response Solutions to support the information security and incident response aspects of the GDPR:
- Security Monitoring
- Technical Testing
- Proactive Incident Response
- Vulnerability Management
- Managed Security Services
Together or separately, these dedicated services, from our expert and qualified specialists, put you in the best possible position to discover how you fall in scope, assess your maturity, implement security controls and processes to patch gaps, and maintain the best ongoing security posture for GDPR compliance.