Scoping2018-10-09T08:26:57+00:00

GDPR Scoping

Texaport work with clients to complete detailed “Scoping” documents which help to identify, locate and “map out” Personally Identifiable Information

GDPR Scoping

The General Data Protection Regulations concern Personally Identifiable Information, or PII, and the gathering, storage and use of this by businesses and public bodies. When considering liability for personal data, or vulnerability to persecution, businesses first need to identify their processes, procedures and need for data.

Texaport work with clients to complete detailed “Data Scoping” documents which help to identify, locate and “map out” Personally Identifiable Information throughout the organisation. This data can take many forms and be scattered throughout the organisation so will involve a cross-department approach to complete.

Once data has been scoped throughout the organisation Texaport can work with clients to ensure compliance with the regulations.

Hardware Scoping

Texaport provide a “Hardware Scoping” document to Clients which should be completed with all company assets including (but not limited to):

  • End-Points (PCs, Macs, Laptops, Desktops etc)
  • Servers
  • Network Infrastructure (Switches, Routers, Firewalls)

This will allow Texaport to accurately project the time and effort required to audit the client’s physical assets against Cyber Essentials, IASME and GDPR governance standards during the Audit phase.

Data Scoping

Texaport provide a “Data Scoping” document to Clients which should be completed with all company information assets including (but not limited to):

  • Supplier Data
  • Client Data
  • Employee Data

An alternative to the data scoping document could be an up to date “Information Asset Register”.

This will allow Texaport to accurately project the time and effort required to audit the client’s information assets against Cyber Essentials, IASME and GDPR governance standards during the Audit phase.

Service Scoping

Texaport provide a “Service Scoping” document to Clients which should be completed with all the services used by the company including (but not limited to):

  • Line of Business Software
  • Microsoft Office
  • Accounting Package
  • File Storage
  • Access Control
  • Security Software
These services can be used to control or process the data held by clients this can include financial data, client history, personal data, email communications and other sensitive data.

Access Scoping

Texaport provide an “Access Scoping” document to Clients which should be completed with all users access levels to each system and service used by the company including (but not limited to):

  • Line of Business Software
  • File Storage
  • Cloud Software
  • Accounts
  • Social Media
  • Marketing software
  • Client Services

Users should only have access to the systems and “privilege” levels which are required to perform their job. Administrator access should be limited and avoided to prevent irreversible changes and unrestricted access to company data and devices.

Our Process

Chat

Scope

Audit

Report

Implement

Review