We perform various services that help organisations achieve security and privacy and navigate complex compliance.
Today’s advanced systems, networks and services require heightened technical fortification to ensure data is protected from cyberattack and loss. The worst two words a CEO can hear are data breach, because the fallout is lasting and the reputational damage regrettable.
How do you know web portals and databases are competently protected without testing the fortification?
At Allendevaux & Company, we provide independent assessment services to review configurations, scan for weaknesses and pentest the security posture of a service or system.
Driven by a certified team of cybersecurity analysts, findings are organised into a report that can be used to identify and remediate weaknesses. The types of activities usually involve:
Application & app testing
Organised findings report
When the cadence is repeated, it heightens the security posture of the organisation and its services.
Data Protection as a Service
This is one of the most popular offerings, aggregating all our professional services into one package. For a fixed monthly fee, access our service desk of professionals, bringing them into customer-facing or internal matters.
This includes access to teams comprised of privacy lawyers and data protection specialists, certified cybersecurity analysts and pentesters, ISO-certified auditors and implementers, IAPP certified policy writers and more.
Smaller-sized organisations can access this service for the price of 1 headcount.
Services are numerous and include vulnerability scanning, penetration testing, data processing agreements, upkeep of data protection system, assistance with data subject requests, incident management, risk assessments, supplier vetting, privacy policies, cookie audits, cookie notices, internal audits, questionnaire responses, marketing and consent practices, maintaining effective measures and more.
ISO/IEC 27001 Implementation
Customers expect superlative security protections when entrusting service providers with confidential data. But as data breaches trend upward, the fear is very real that customer data may be exposed to cyberattack or loss. How can one be absolutely sure best practice protections are implemented?
The most recognised solution for data protection trust and assurance is to implement an ISO/IEC 27001 data protection system. Companies bearing this seal have implemented a systematic set of policies adhering to multinational regulations, providing enhanced levels of protection, audited by third-party certified assessors.
Through a 7-step process, we implement a system that:
lowers risk of threats;
bolsters assurance in the supply chain;
promotes stakeholder satisfaction;
minimises financial loss from attack or negligence;
achieves regulatory compliance; and
earns worldwide respect.
This process bolsters trust and assurance in best security practices.
Cloud Security & Big Data
ISO/IEC 27001:2013 certification isn't good enough anymore for organisations storing big data or volumes of regulated data in the cloud. ISO/IEC 27017 is the new baseline and is often paired with ISO/IEC 27018 controls.
If you're a cloud service provider storing lots of sensitive data, don't be caught off guard. Set up the appropriate frameworks and stay up to date. Companies such as Microsoft, Google and Salesforce implement a three-fold system: ISO/IEC 27001 + ISO/IEC 27017 + ISO/IEC 27018.
Here's how we'll help you:
Start with ISO 27001 as scaffolding
Add ISO/IEC 27017 system controls
Add ISO/IEC 27018 system controls
This triad establishes superlative data protections, setting organisations apart from competitors and establishing trust with customers.
Murphy’s First Law states that “things will go wrong in any given situation, if you give them a chance.” But by measuring and mitigating risk, chance can be minimised, and risk can be managed.
Many laws require organisations to conduct formal risk assessments to minimise the chance of breach. That's why there are risk management frameworks such as ISO/IEC 27005.
Allendevaux & Company will:
Conduct a risk assessment;
Identify untreated risks;
Quantify current risk levels; and
Implement a risk management framework.
When organisations process healthcare data, the stakes are higher, involving complex statutory obligations, exposure to larger fines, and heightened risks. In the EU, special requirements concerning Article 9 data overlap with national derogations. In the US and Canada, HIPAA and PIPEDA laws mandate specific practices; and some states have added responsibilities.
At Allendevaux & Company, we understand data protection healthcare requirements around the world.
We provide several scopes to ensure healthcare compliance:
Healthcare risk assessment
Healthcare gap analysis
Healthcare data protection implementation
Legal & Regulatory Compliance
At a time when data breaches are surging upward at a startling rate, over one hundred countries around the world have enacted data protection laws, requiring organisations to understand statutory obligations and implement best practice safeguards to protect the information with which they’re entrusted. Laws such as the EU’s GDPR and California’s CCPA have raised the bar, extending extraterritorial reach to protect data subjects by processors abroad.
At Allendevaux & Company, we help our clientele take an inventory of geographic and sectoral regulations affecting data subjects and data processed.
We build a legal register from which statutory obligations are tracked and policies are created, framing the components of a strong information security management system. For multinational companies with complex compliance obligations, we untangle and demystify regulatory confusion, combing through data protection, transborder flow and data localisation law that entities must understand and implement.
Marketing & Global Privacy
If you’re engaged in sending marketing emails, you should know your statutory obligations in areas of the world where your emails are received. By implementing a marketing policy that takes into consideration the statutory obligations of applicable territories, you will avoid costly pitfalls.
We facilitate compliance with international marketing laws by identifying the geographic footprint of a campaign and creating policies to reflect statutory obligations. We update privacy notices, write consent messages and advise on praxis.
Data Protection Officer-as-a-Service
Article 37(5) of the GDPR requires the Data Protection Officer to be designated on the basis of professional qualities, with proficient knowledge of data protection law and practice. The DPO ensures an organisation processes the personal data of individuals in compliance with data protection law.
Outsourcing the DPO function:
demonstrates autonomy, with no conflict of interest;
gives access to a pool of varied resources; and
is cost-effective compared with an internal appointment.
Information Security Training
People are often the weakest link in data management and the cause of mishaps. Laws around the world require organisations to formally train employees about privacy principles and security responsibilities. Most organisations require training to be completed by all new starters, with refresher training every 12 months.
At Allendevaux & Company, we have created a modular training programme of short videos. Individuals can log in, watch each video and complete a short assessment, earning a certification after completing the relevant modules.
Get In Touch
Have any questions? Feel free to contact us and we’ll get back to you.