Texaport completes GDPR Compliance projects by comparing the implemented actions with the report recommendations and audit findings.

Review of Cyber Security Measures

Texaport completes GDPR Compliance projects by comparing the implemented actions with the report recommendations and audit findings.

The review process is similar to the previous audit process, but is achieved much quicker as it is for verification and “error checking” to ensure that required actions have been carried out and that the client’s security posture has been improved.

Where clients are re-certifying against previously attained compliance which was supported by Texaport, commonly the review phase forms the “scoping” element of the subsequent project.


External Review

Texaport’s review testing and analysis of the client estate is performed on the periphery of the technical controls deployed to secure and communicate.

Texaport’s Penetration Testing tools are deployed to confirm that changes have limited external visibility and mitigated vulnerabilities of the client network and connected devices as agreed with the client.

Internal Review

Following the “External Review”, Texaport’s internal review will verify that action has been taken to mitigate vulnerabilities and secure pathways behind the outer layer preventing compromise of the corporate network.

Non-conformances with the implementations and recommendations will be noted and brought up with the client to verify rationale, awareness and/or knowledge of the discrepancy.

In-Depth Review

File Review

Texaport will review access control to the file storage systems used by the client to ensure the integrity and security of the structure. Texaport’s assessor will assess permission-based restrictions, data classifications and security measures enforced or implemented by Texaport.

Business Continuity measures will also be verified at this point along with the policy and processes implemented and already in place.

User Review

Texaport will refer to the initial audit’s sample of users throughout various business areas to verify actions have been implemented to secure access and users.

Following this, Texaport recommends regular user training and awareness of risks to data, hardware and business functions.

Application Review

Texaport will refer to the information gathered during the infrastructure review and user review to verify the security and control of applications present and used on individual machines and in key business areas.

IT Management policies will be verified and referenced including application management and lifecycles.

Third Party Review

Where services are provided by third parties in respect of connectivity, applications, data management or hardware support Texaport will ensure any potential vulnerabilities and improvements have been addressed and/or mitigated to an acceptable level as agreed.

Legal, Regulatory and Policy Review

Texaport will work with the Stakeholders to verify key operational policies related to the management and protection of data, both personal and confidential. Texaport will ensure that the client has made Employees and customers aware of these policies to ensure compliance.

Process Audit

Texaport will work with the Stakeholders to verify key operational processes which involve data, both personal and confidential. These processes will be verified with employees during the “User Audit” to ensure compliance.

GDPR Compliance Affirmation

During our review phase we will have gathered sufficient information, implemented the changes required and worked with the relevant areas, users in and suppliers to the business to provide an assurance certificate from IASME (Information Assurance for Small to Medium Enterprises). This provides peace of mind and confidence to clients seeking to confirm compliance with the GDPR.

Risk Assessment

Texaport will compile the results of the preceding reviews into a dated Risk Assessment document for Clients which will form the basis of any subsequent scoping documents.

Our Process