Services

Today’s advanced systems, networks and services require heightened technical fortification to ensure data is protected from cyberattack and loss. The worst two words a CEO can hear are data breach, because the fallout is lasting and the reputational damage regrettable.

How do you know web portals and databases are competently protected without testing the fortification?

At Allendevaux & Company, we provide independent assessment services to review configurations, scan for weaknesses and pentest the security posture of a service or system.

This is one of the most popular offerings, aggregating all our professional services into one package. For a fixed monthly fee, access our service desk of professionals, bringing them into customer-facing or internal matters. 

This includes access to teams comprised of privacy lawyers and data protection specialists, certified cybersecurity analysts and pentesters, ISO-certified auditors and implementers, IAPP certified policy writers and more. 

Smaller-sized organisations can access this service for the price of 1 headcount. 

Customers expect superlative security protections when entrusting service providers with confidential data. But as data breaches trend upward, the fear is very real that customer data may be exposed to cyberattack or less. How can one be absolutely sure best practice protections are implemented?

The most recognised solution to data protection trust and assure is to implement an ISO/IEC 27001 data protection system. Companies bearing this seal have implemented a systematic set of policies adhering to multinational regulations, providing enhanced levels of protections, audited by third party certified assessors.

ISO/IEC 27001:2013 certification isn't good enough anymore for organisations storing big data or volumes of regulated data in the cloud. ISO/IEC 27017 is the new baseline and is often paired with ISO/IEC 27018 controls.

If you're a cloud service provider storing lots of sensitive data, don't be caught off guard. Set up the appropriate frameworks and stay up to date. Companies such as Microsoft, Google and Salesforce implement three-fold system: ISO/IEC 27001 + ISO 27017 + ISO 27018. 

Murphy’s First Law states that “things will go wrong in any given situation, if you give them a chance.” But by measuring and mitigating risk, chance can be minimised, and risk can be managed.

Many laws require organisations to conduct formal risk assessments to minimise the chance of breach. That's why there are risk management frameworks such as ISO/IEC 27005. 

When organisations process healthcare data, the stakes are higher, involving complex statutory obligations, exposure to larger fines, and heightened risks. In the EU, special requirements concerning Article 9 data overlap with national derogations. In the US and Canada, HIPAA and PIPEDA laws mandate specific practices; and some states have added responsibilities.

At Allendevaux & Company, we understand data protection healthcare requirements around the world.

At a time when data breaches are surging upward at a startling rate, over one hundred countries around the world have enacted data protection laws, requiring organisations to understand statutory obligations and implement best practice safeguards to protect the information with which they’re entrusted. Laws such as the EU’s GDPR and California’s CCPA have raised the bar, extending extraterritorial reach to protect data subjects by processors abroad.

At Allendevaux & Company, we help our clientele take an inventory of geographic and sectoral regulations affecting data subjects and data processed. 

If you’re engaged in sending marketing emails, you should know your statutory obligations in areas of the world where your emails are received. By implementing a marketing policy that takes into consideration the statutory obligations of applicable territories, you will avoid costly pitfalls.

Article 37(5) of the GDPR requires the Data Protection Officer be designated on the basis of professional qualities, with proficient knowledge of data protection law and practice. The DPO ensures an organisation processes personal data individuals in compliance with data protection law. 

People are often the weakest link in data management and mishaps. Laws around the world require organisations to formally train employees about privacy principles and security responsibilities. Most organisations require training to be completed by all new starters, refreshing training every 12 months.