Texaport’s project team work with clients to implement changes recommended during the GDPR compliance process.
Implementation of Cyber Security recommendations
Implementations in relation to Cyber Security will normally follow the report phase, where the client will decide on the course of action and security posture to be achieved. Outside of this process, Texaport can implement Cyber Security changes for clients as a stand alone project or as an element of our “Holistic Security” package.
The implementation phase is the core of compliance as any non-conformances discovered during the audit phase will have recommended actions to rectify.
These elements can involve third parties and inter-departmental action being necessary including:
- Software deployment
- Hardware Upgrades
- Legal Disclaimers
- Technical Engineering
Texaport advises clients to implement a “rolling replacement” cycle into organisations to anticipate refresh cycles and prepare budgets accordingly.
Where this has not been implemented previously, it can be highlighted during the Cyber Security process, requiring hardware upgrades, replacements or refreshes.
Most Cyber Security engagements with Texaport will result in one or more software agents being deployed on client machines either for compliance, security or reinforcement of policies.
The most common software deployment is for anti-malware or password management software to secure client devices and access to services containing Personally Identifiable Information.
One of the biggest weaknesses in Security posture for clients can be their employees and policies. Ensuring that companies have the required policies in place throughout the business is important for Cyber Essentials and GDPR compliance.
Common policies we have assisted to implement are: Acceptable IT Use and Privacy policies.
Disclaimers and Statements
Texaport work with clients’ HR and Legal teams or third parties to ensure a consistent, acceptable approach to these.
Deciding on company policies and making public statements on the company’s position are essential in many cases, but worthless if the organisation does not reinforce policies with processes.
Processes will also help clients adhere to the standards which they have achieved or are working towards, providing a clear step by step guide for employees, contractors and third-party organisations.
Along side purchases and implementations, policy work and processes an element of technical engineering is usually required to achieve compliance and improve the Data Protection and Cyber Security posture of a client organisation.
This could be locking down user access, securing the network and company services or more technical work depending on the recommendations of the report.