Data GRC Advice Assess Change Train Comply About Contact

Contact us...

+44 (0) 208 133 0242

Assessment | Assurance | Audit

Independent specialist review of your privacy and security controls

Understanding risks and compliance gaps


The business risk related to data privacy and security has never been so large. As a result, it is more important than ever for senior business leaders to understand whether the right controls have been implemented and whether those controls are working effectively.

Our privacy and security subject matter specialist auditors can engage with your organisation, to quickly and discretely assess the control environment and highlight areas of potential opportunity.

Over the last 18 months, many of our engagements have been the broad assessment of organisations' alignment with GDPR or security standards. Following remediation activities, those clients are now moving to more regular assurance reviews.

We also help clients when assessing their supply chain risk from vendors and third parties, which could otherwise create risks and liabilities that the business is not aware of.

Contact us to discuss privacy and security assurance services.

Some of the main industry standards that we use during assessments are outlined below.

Technical GDPR_Assessment Training Change

DataGRC Data Protection Framework

Developed through client engagements and incorporating a range of industry standards, the DataGRC Data Protection Framework provides a broad coverage of requirements for the EU General Data Protection Act 2018 (GDPR), UK Privacy and Electronic Communication Regulations 2003 (PECR) and UK Data Protection Act 2018 (DPA). The assessment consists of 77 controls, in 14 categories:
  1. Organisation
  2. Policies
  3. Training
  4. Data Mapping
  5. Lawful basis
  6. Retention
  7. Impact assessment
  8. Security
  9. Privacy Notices
  10. Supply Chain
  11. International
  12. Privacy Operations
  13. Breach Management
  14. Assurance

Completion of the assessment provides clear guidance to senior leadership teams around levels of compliance and opportunities for improvement. Function specific staff can also use the assessment to drive and monitor remediation activities.

BS10012 PIMS Data Protection

This privacy framework includes:

ISO 27001

This information security management system (ISMS) includes:

Companies can be certified under IAF/UKAS accredited schemes.

ISO 27002

This security control code of practise includes:

Cyber Essentials

This cyber security control framework includes:

NIST Framework

This cyber security control framework includes:



Contact Us to discuss your requirements

+44 (0) 208 133 0242