Case Studies

Case Study 1: Cybersecurity Enhancement

Security Privacy Compliance worked with a small business to enhance their cybersecurity measures. By conducting a thorough risk assessment, implementing custom security solutions, and providing employee training, we were able to significantly improve the client's overall security posture.

Case Study 2: Compliance Audit Success

Through our expertise in compliance audits, Security Privacy Compliance assisted a business in achieving full compliance with regulations such as GDPR, HIPAA, and CCPA. Our team conducted regular audits, updated policies, and provided continuous monitoring to ensure the client met all necessary requirements.

2023 A Specialist Banking Operation

Governance, Risk and Compliance (GRC) work across the Bank's UK subsidiary.

Due diligence security investigations across some 10 third-party suppliers.

Secure Change security assessments for 10 projects against the Bank's Security and Privacy standards.

Advised the Bank on the secure acquisition of a phishing security assessment framework, including advice on MFA, supply chain security and consideration of remote browser isolation (RBI).

Managed the security testing of API access to Group Foreign Exchange trading systems.

Provided security assurance and privacy compliance for a voice recording system.

Worked on the security of the Jira and Confluence systems.

Worked on the security of the Bank’s migration to Microsoft 365.

Assisted the Bank in considering the OneTrust privacy management system as a basis for systemising ongoing GDPR compliance: managing privacy rights requests, automating the discovery and mitigation of risks, managing consent, providing transparency over data usage and granular preferences across channels, and building detailed audit trails of engagements and opt-ins/opt-outs.

2018 Security Manager UK Cabinet Office GDS

The Government Digital Service (GDS) is part of the Cabinet Office. It exists to deliver platforms, products and services that help government to become joined-up, trusted and responsive to user needs.

• Undertook ISO 27001-based assessments of some 20 SaaS supply chain suppliers to ensure that their hosting of HMG business and personal information was in line with the risk appetite of the Cabinet Office Senior Information Risk Owner (SIRO).
• Was security manager for the GOV.UK project, with architectural authority to ensure that new product modules were assessed, security tested and risk accepted by the SIRO before deployment.
• Assisted in assessing architecture proposals to move from legacy hosting to public cloud deployment, with infrastructure-as-code for future developments.

• Undertook the scoping of GBEST combined Red Team and Blue Team (Purple Team) testing of GOV.UK (see certification for Purple Teaming).
• In the period leading up to May 2018, became authoritative in the GDPR data reporting and privacy management requirements of the Regulation, including Data Protection Impact Assessments (DPIAs) and the information assurance (IA) technical requirements of "Security by design and default" (GDPR Article 25, Recital 78).

Unlock the Potential of Your Business

Ready to enhance your IT security, privacy management, and compliance audits? Contact Security Privacy Compliance today for expert advice and tailored solutions.