recent work

Information Assurance

The law in the UK will shortly be changing, not only presenting the UK with a far tougher Data Protection regime, but also giving the Data Regulator more powers such as the right to spot check private firms’ premises and data handling arrangments.  We’ve highlighted some of these likely changes in a PDF download.  Documenting data processes and implementing a data management system is going to be essential: systems like BS10012.

Absolute Data has developed its own audit and review tools based on the ISO9000, BS10012, ISO27001, and EFQM models and we believe that they are the best you can get.  It consists of a range of tools from quick and effective data protection audits to check that you are within the law, to a full blown information assurance system that gives you the peace of mind that data management in your company is in good shape and provides you with the evidence to prove it!

These are the 5 steps to Absolute Data Governance.

1. Review “as is”
The starting point for any project is to review the current situation – the “as is”, and to compare that to where you’d like to be (and also where you should be). Over the last 8 years we’ve developed our own audit and review framework so that it is quick, simple, and really effective. Defining where you want to get to is also equally important so we spend time with you to find that out too. Our solutions and suggestions are largely based on these two factors – but the third factor to consider is what the law says you should be doing and what you must be doing. From this initial review we’ll devise an action plan.  We’ll even factor in what the law is likely to demand when it changes in the next few months.

2. Action planning
Because our consultants have years of management experience they are realistic when it comes to devising action plans, and they are meticulous when it comes to the detail. But action plans are not for the shelf – they need to be communicated and “sold in” to people in the organisation and that’s something that we can help with too. We’re often asked to hold staff workshops to ensure an impartial, professional and consistent delivery of the action plan to ensure that everyone is on board.

3. Implementation
It is often the case that minor tweaks to existing processes is all that is required to achieve the “like to be” position, but sometimes we work with organisations that have literally nothing in the way of a proper structured information assurance/data protection management system. They may not even have a notification or a privacy policy in place. Either way we help implement change over time in a sensible way starting with the bigger, riskier issues and working through the rest at a sensible pace. We know how crucial the implementation is and good communication during this process is essential.

4. Awareness
You’ll be surprised at how creative we are when it comes to developing an awareness and education program to the two key groups of people we need to communicate with: your customers whose data you are processing, and your staff who are handling the data. We know full well that data protection can be a fairly dry topic, and we have done some brilliant work in the past to engage with people on it, bring it to life and make it interesting. And that is really important if we are going to get the implementation to stick.

5. Monitoring
The final ingredient is monitoring and review. This isn’t the last stage of a project as review and monitoring needs to be on-going during the previous steps, nor is it the last job to carry out before a project is closed. Reviewing the new “as is” situation is the start of a new cycle highlighting shifts in work practices, changes in the law, and new vulnerabilities that need to be addressed.

Our Services:

Information Assurance/Data Governance

Data Services

Consultancy Services