Evidence of Compliance

We are a major UK Government supplier. I need to provide evidence of compliance with our contract and the Schedules including 2.4,  following a partner organisation's widely-publicised breach. 

Contractual clauses

Our largest client has advised us we are in breach of contract due to a lack of evidence of compliance with contractual cyber security requirements. I need a review of our contractual obligations.

Review and assessment

I'm accountable for security in our supply chain. I need a trusted expert to lead a complex programme to determine the current level of risk from our suppliers' level of security compliance including Cyber Essentials controls, NCSC's 10 Steps and ISO27001. 

Certification

I'm accountable for our cyber security and data protection risks. I'm aware we have achieved ISO27001 certification but a potential client has questioned the scope of our SOA and GDPR compliance. I need a trusted review of our current position.

Serious incident

I've been summoned to our HQ following a serious incident. I need a trusted expert to help me understand the potential consequences of what happened, what should have prevented it, what risk mitigation we have in place today and what changes we can implement relatively quickly.

Governance

I'm now responsible for cyber security in our department. I need to understand what we should be doing (mandatory requirements) and who should be doing it (roles and responsibilities). 

Supply Chain Securiy

One of our suppliers has advised us of a  recent security incident. I need someone to liaise with all key stakeholders in the supply chain, lead the investigation at a senior executive level and explain to me what has happened, what the potential impact is and what our options are going forward.

Internal investigation

I'm responsible for cyber security risk for our department. A member of staff recently reported an internal security breach to me and I need assistance from a trusted expert. We may need to report the incident to the police and initiate legal proceedings.

Compliance and investigation

I've been advised a member of staff is responsible for a breach of security which must be reported to our Government client, the ICO and potentially law enforcement. I need a second opinion.