Data privacy and cyber security

Moore ClearComm is part of Moore Kingston Smith. We provide data privacy, cyber security, business continuity and information security services to organisations worldwide.

As trusted advisers to businesses and nonprofit organisations, we are passionate about helping our clients achieve data privacy compliance and cyber secure environments. Our highly experienced people have the strategic insight, drive and dedication to deliver results.

We are part of the Moore Global Network, present in 110 countries with over 30,000 employees. We have the global reach to provide you with rapid access to the right people in the right places to deliver international solutions.

As part of the network, we have the resources to be accessible and responsive and to facilitate staff continuity, which our clients highly value.


Lead Contact

Benn Davis

Managing Director – Moore ClearComm
+44 (0)7768 234823



Data privacy

Simply put, data protection is about guarding people from the misuse of their personal information, by creating legal responsibility for keeping that information held as securely as possible. Read below for our data privacy services or contact our team for more details.

Data privacy auditing and compliance

Data protection laws carry serious implications for any organisation that does not follow the rules when processing personal data.

Data subjects now have full control of their personal information. With enhanced rights and an emphasis on fairness, transparency, accuracy and security, compliance will effectively prevent the unauthorised processing of personal information; in short, people will be empowered.

Our experienced professionals can:

  • Carry out data mapping, review policies and procedures, and create internal frameworks.
  • Report on your organisation’s current position, benchmarked against data protection law, enabling your organisation to work towards continual compliance.

 

Outsourced Data Protection Officers (DPO)

We offer independent, outsourced, certified Data Protection Officers (DPOs) working within your organisation.

Our service ensures data compliance is proactively managed, whilst advising your organisation and employees on current data protection law and liaising with relevant Supervisory Authorities.

The service includes regular policy and procedure reviews, Records of Processing Activities (RoPA) implementation and working with your organisation to build a culture of data protection.

Our certified Data Protection Officers will:

  • Give ongoing advice to your organisation to ensure daily compliance needs are met.
  • Deal with subject access requests, and create and review DPIAs.
  • Help with data breach issues and, if required, liaise with the Supervisory Authority.
  • Carry out regular staff training with continual, up-to-date advice on data protection laws.

 

Data protection training

Many data protection laws require that staff undergo training as part of the compliance process. We offer this service through either our E-Learning Platform or on-site training.

Without training your staff, you cannot duly protect one of your most valuable assets: the data within your organisation.

Our E-Learning takes your staff through the requirements of the Data Protection and Privacy law. The programme will give employees a detailed insight into what the regulation entails and allow them a full understanding of the law along with delivering personalised E-Learning Certification for each employee.

Our on-site training is delivered directly by our certified Data Protection Officers offering tailored courses aligned to your organisation.

EU and UK GDPR representation

The GDPR requires organisations not established in the EU to appoint a representative in an EU member state, if the organisation monitors the behaviour of individuals or if it is apparent that the organisation intends to offer goods or services to individuals in the EU. On leaving the EU, organisations in the UK will be subject to the same requirements.

In addition to this, when the UK leaves the EU, organisations not based in the UK who are offering goods or services to individuals in the UK or monitoring their behaviour will be required to appoint a UK representative, to comply with UK data protection law.

The Information Commissioner’s Office has stated that ‘the UK government intends that now the UK has left the EU, that the UK GDPR will require organisations located outside of the UK, but which still have to comply with the UK GDPR, to appoint a UK representative’.

Cyber security

Our cyber security services include risk management, incident recovery planning, security assessment and penetration testing. Read below or contact the team for more details.

Cyber essentials

The UK Government scheme is designed to protect organisations against 80% of the most common cyber-attacks, which can impact businesses of all sizes, industries, and sectors.

The five controls within the Cyber Essentials scheme are designed to protect your organisation against these types of cyber-attacks and guard your internet connection, devices, data and services.

We are a certified IASME Gold Cyber Essentials Auditor offering two levels of certification:

Basic Level Cyber Essentials certification is a self-assessment and provides a basic level of assurance that the controls have been implemented correctly by the organisation.

Cyber Essentials Plus covers the same requirements but in addition includes an on-site audit and therefore provides the independent assurance of the effectiveness of these controls.

Cyber incident recovery planning

An ever-increasing number of cyber-attacks are being carried out year on year, and nearly half (43%) of all cyber-attacks are now targeting organisations with 250 employees or fewer, which means the likelihood of being the victim of a cyber-attack is higher than ever. And while it is essential to take steps to prevent cyber-attacks, it is abundantly clear that it can still happen to you regardless.

Our approach begins with a cyber risk assessment to identify the areas where you are most exposed to a cyber-attack. This helps determine the types of incidents that can potentially occur and provides a baseline for establishing cyber disaster scenarios on which to base your cyber disaster recovery plan.

We work collaboratively with your organisation to develop practical recovery plans that meet your specific recovery criteria, focusing on breach containment and recovery to normal operations.

MS365 security assessment

With the ever-increasing popularity of cloud-based computing, there is a notable rise in security incidents involving Microsoft 365 and the associated services. Microsoft 365 is targeted disproportionately by criminals and cyber-attackers due to its relative popularity and the wealth of company data hosted on the platform.

Compromising Microsoft 365 tenants, predominantly via phishing or other social engineering attacks, allows attackers to remotely access sensitive data in the cloud without penetrating the corporate perimeter.

Our Microsoft 365 Security Assessment reviews your configuration and internal procedures to ensure your organisation implements best security practices on your Microsoft 365 tenancy.

Cyber risk management

Our economy, society and individual lives have become transformed by digital technologies. They have enabled improvements in science, logistics, finance, communications and a whole range of other essential activities.

Consequently, we have become reliant on digital technologies, which exposes our organisations to potential data breaches and hacking.

Our cyber team can help your organisation mitigate risk by helping you:

  • Identify the cyber risk
  • Assess the impact on the business
  • Understand incident level
  • Review risk treatment options
  • Create an organisational strategy
  • Carry out a technical overview
  • Review systems and practices
  • Identify internal vulnerabilities
  • Review policies and procedures

 

Penetration testing

High-profile security breaches continue to dominate the media headlines. Breaches are growing in number and complexity while malicious hackers actively develop new and more sophisticated forms of attack every day. Having anti-virus software and a firewall, and assuming that your business is secure, is no longer enough.

Modern businesses require an advanced approach to security and due diligence, and this includes the need to test their resilience in the face of cybersecurity threats.

We offer a range of penetration testing services to help you avoid costly security breaches that put your organisation’s reputation and customers’ loyalty at stake by finding security vulnerabilities before an attacker does.

Our services include:

  • Web and mobile application testing
  • Internal and on-site testing
  • Infrastructure vulnerability testing
  • Phishing simulations

 

Virtual chief information security officer (vCISO)

Chief Information Security Officers (CISOs) perform an essential role within many organisations, creating and ensuring delivery of security strategies that deal with increasing regulatory demands and emerging, ever-evolving cyber threats. It is a senior-level role and brings the CISO into contact with C-suite executives, as part of the leadership team within the organisation.

Mid-sized organisations often require a range of resources that extend beyond the standard CISO remit, with additional technical, communicative, administrative, compliance and project management needs – required to support and facilitate a strong and ever evolving information security framework.

Moore ClearComm’s virtual CISO (vCISO) service delivers a comprehensive, outsourced platform with the experience, technical acumen, structure and range of resources your organisation requires in order to build and maintain an effective information / cyber security program. vCISO offers a cost-effective alternative to employing a CISO full-time and provides a robust, wide-ranging security service package.

vCISO supports your senior leadership, privacy, security and technology teams to ensure your information assets are safeguarded – while ensuring business operations are underpinned with a range of information governance expertise. The result is reduced business risk, a clear commitment to data security and an enhanced security posture, reassuring your clients, stakeholders and supply chain.

SOC2 implementation and auditing

SOC 2 compliance is a component of the American Institute of Chartered Public Accountants (AICPA)’s Service Organization Control suite of services. Its goal is to make sure that service providers’ systems are set up so that they assure security, availability, processing integrity, confidentiality, and privacy of customer data. SOC 2 compliance is a minimum requirement for many US-based listed companies when considering a third-party service provider, particularly for providers of cloud-based applications.

Through our background in SOC 2, IT and security auditing, our consultants understand the level of rigour required for a service provider to prepare for and pass SOC 2 Type 1 and Type 2 audits.

IASME governance certification

The IASME Governance certification was developed to create a cyber security standard that would be an affordable and achievable alternative to the international standard, ISO27001.

The IASME Governance standard allows small companies in a supply chain to demonstrate their level of cyber security for a realistic cost. It indicates that they are taking relative steps to protect their customers’ information correctly.

The IASME Governance assessment includes a Cyber Essentials assessment. The evaluation also includes an optional assessment against the GDPR requirements.

ISO27001

ISO27001 (ISO/IEC27001:2013) is the internationally accepted management system standard for Information Security. The standard is well recognised worldwide, ranking as one of the most popular global information security standards. An ISO 27001 certification demonstrates that an organisation can protect their data systems and information assets, keeping them safe and secure.

Our implementation approach is shaped by pragmatism and years of experience in information security – we focus on what is required to manage information security well within your organisation, with ISO 27001 certification.

ISO27701 privacy information

ISO 27701 is a privacy extension to ISO 27001 and is specifically designed to help protect and control the personal data you process. The Privacy Information Management System (PIMS) is used to demonstrate compliance with relevant global privacy regulations.

A Privacy Information Management System in conjunction with ISO 27001 is a practical management tool to help you stay on top of privacy within your organisation.

[ClearComm] have made the new data protection rules work for us and in our particular circumstances, this has enabled us to grow our business and work with more charities knowing that we are compliant.

Anon
Give as you Live