Current/Recent/Past Projects:

  • Data Protection review for a professional counsellors membership body

  • GCSx Code of Connection compliance project for large city council and then embedding Information Security Management across several departments

  • Writing various book reviews as part of the PhD Literature Review work

  • ISO27001 Gap Analysis, Risk Assessment, ISMS implementations prior to certification - public and private sector

  • Creating and conducting Privacy Impact Assessments for private and public sector clients in order to ensure compliance with Data Protection and information handling requirements

  • Information Security, ISO27001, Information Management Legislation (Data Protection, Freedom of Information, Regulations on the Re-use of Public Sector Information) training, nationwide

Projects listed by SECTOR, TYPE OF SERVICE and PROJECT AREA:

Sector: Public
Type of service: Project Manager & CISO Consultant
Project area: Government Connect Code of Connection (CoCo)

Parachuted in late in the day to assist this Council with their CoCo submission to GCSx and with achieving compliance by the required end date of 30th September 2009.  A larger information security improvement programme underpinned the project, including the development and delivery of information security awareness briefings to over 500 staff in a 3 week period in September 2009.  Rolled out to the wider council, delivering briefings to 1500 staff during Feb 2010 with a further 2000 planned for March and April; implementing an Information Security Management System as part of an Information Governance Framework in line with ISO27001 and the LGA Data Handling Guidelines.  Project Management for a team of 10 cross-ICT-discipline colleagues.  Budget 2m.

Sector: Private
Type of service: High level consultancy
Project area: Data Protection Compliance review & ongoing support

Returned to this previous client to establish the wider internal data protection compliance position and provide advice and guidance as to how best to bridge any gaps identified – particularly with regard to undertaking Privacy Impact Assessments and encouraging lesser collection (and thus management) of personal data in the future.

Sector: Public
Type of service: High level consultancy
Project area: ISO27001 Scoping

Returned to advise this North Wales Council how best to scope their intended ISO27001 certification project – provided a pragmatic view of the appropriate scope boundary in order to focus the activities and ensure the selected controls were risk based.

Sector: Public
Type of service: High level consultancy
Project area: Data Protection Controller review

NDPB seeking a review of its data processors to ensure that they were complying with the data controller's stipulated requirements and guidance.  Ensuring contractual agreements were in place and appropriate, as well as on-site review of the third party processors.

Sector: Public
Type of service: Training delivery
Project area: Role specific Information Security awareness sessions

Creation and delivery of role specific information security training sessions – delivered 40+ sessions to 1100 staff across the country in a 2 month time period.  Tight timescales.  Focussed content creation and dynamic delivery required and provided.  Addressed Business Security Requirements, Information Security Risk Assessment Summary and RMADS process flows.  Part of a team.  Significant budget.

Sector: Public
Type of service: High level consultancy
Project area: PCI DSS Compliance review

Local Council seeking a full review of all outlying posts that process credit card data to ensure appropriate data handling is taking place.  Risk Assessment of the findings and full report back to management.  Infrastructure and architecture review.

Sector: Private
Type of service: High level consultancy
Project area: Information Security review

Law firm requiring an ISO27001 ISMS to be established – through a consultative process with requirements review, policy and procedure creation and risk assessment of data flows etc.  Included review of European offices and the balance of legislative requirements.

Sector: Private
Type of service: High level consultancy
Project area: Data Protection compliance review

Carried out a data processor review for a data controller in order to provide reassurance that the processing was happening in a manner consistent with the requirements of the service but also in keeping with the nature of the data.  Audited the data flows, contracts etc.  Carried out a Privacy Impact Assessment (PIA) to address concerns raised with regard to data exchanges.

Sector: Private
Type of service: High level consultancy
Project area: Data Protection compliance review

Delivered DPA compliance advice and guidance in a Financial Services context – including policy and procedure creation and development – in order to synchronise existing governance arrangements with the FSA Data Security in Financial Services requirements.

Sector: Public
Type of service: High level consultancy
Project area: Information Security Management & Data Protection Compliance

Delivery of appropriate management advice for Information Security compliance with a view to ensuring the organisation implements a robust programme, to include delivery of policies, procedures, guidance and awareness training – utilising the ISO27001 ISMS framework.  Further work specifically on Data Protection Compliance is currently being undertaken.

Sector: Private
Type of service: High level consultancy
Project area: Information Security Review

Culture and awareness review with regard to information security at a London law firm.  Risk Assessment against the results, then assistance with information classification, labelling and handling guidance.

Sector: Charity
Type of service: High level consultancy
Project area: Information Security Policy

Creation and implementation of a robust Information Security Policy to provide surety to members, stakeholders and the public with regard to information management and handling.

Sector: Public
Type of service: High level consultancy
Project area: ISO27001 certification project

Prepared this public sector housing group for ISO27001 c. November 2007.  Full range of professional services utilised – Gap Analysis, Risk Assessment, training delivery, policy and procedure preparation etc.

Sector: Private
Type of service: High level consultancy
Project area: ISO27001 certification project

Prepared this private sector secure radios manufacturer for ISO27001 c. March 2007.  Full range of professional services utilised – Gap Analysis, Risk Assessment, training delivery, policy and procedure preparation etc.

Sector: Private
Type of service: High level consultancy
Project area: ISMS implementation project

Preparation of all necessary ISO27001 certification documentation, from Gap Analysis through Risk Assessment to policy and procedure development, for this screening services company offering key services to government agencies.

Sector: Public
Type of service: High level consultancy
Project area: Information Governance

Delivery of appropriate management advice to a Borough Council for Information Governance, with a view to ensuring the Council implements a robust programme (delivery of policies, procedures, guidance and awareness training) that enhances compliance across multiple regimes / disciplines through the utilisation of an appropriate Information Management Strategy and Information Security Management System.

Sector: Private
Type of service: High level consultancy
Project area: ISO27001 certification project

Prepared this private sector managed services provider for ISO27001 c. December 2006.  Full range of professional services utilised – Gap Analysis, Risk Assessment, training delivery, policy and procedure preparation etc.

Sector: Private
Type of service: High level consultancy
Project area: BS7799 certification project

Preparing this private sector managed services provider, which delivers high-performance mail security solutions, for BS7799 certification.  As part of their determination to be market leaders in service provision, bst are seeking BS7799 certification in order to support customer requirements for improved transparency of their security arrangements.

Sector: Public sector
Type of service: High level consultancy: interim management
Project area: DP/FOI compliance programme

Delivery of appropriate management advice for DP/FOI compliance with a view to ensuring this Regional Development Agency implements a robust programme, to include delivery of policies, procedures, guidance and awareness training, ultimately enabling Information Governance.  Preparation for implementation of the Directive on the Re-use of Public Sector Information (PSI).  Assistance with records management implementation.

Sector: Public
Type of service: High level consultancy
Project area: Freedom of Information Implementation

Data Protection Audit for a central government agency, based on a Risk Matrix approach, followed by development of appropriate supporting policies, procedures and guidance documents.  Delivery of DPA and FOI training to all employees during Summer 2004.

Sector: Private
Type of service: Corporate consultancy / facilitation
Project area: Data Protection compliance change programme

Household name brands owned by this large national organisation.  Involved in Data Protection Audit interviewing as well as policy, procedure and guideline creation in order to ensure this organisation complies with the requirements of the DPA.  A risk based approach was applied.  Covered DMA, HRA, RIPA, ECA, Telecommunications Regulations etc.

Sector: Public
Type of service: Consultancy / facilitation
Project area: BS7799 Gap Analysis

This health sector client was seeking a BS7799 Gap Analysis in order to assess their level of compliance with NHS requirements in this area.  They provide IT, Finance, HR & Facilities services to 8 NHS partners.  It was important to establish the scope of the review, to assess the understanding of security amongst the employees and to work out an appropriate plan to achieve compliance.  Interviews with employees were required with a view to collating responses and producing reports.  This assignment was about ensuring that all NHS, Caldicott and data handling guidelines were borne in mind whilst reviewing the wider implications of BS7799 compliance for HI as they provide services to 7 NHS Healthcare Trust clients.  Some focus on Data Protection and FOI issues.

Sector: Public
Type of service: Management review
Project area: Information security & legislation compliance

The review objectives for this City Council were:

  • To understand the current set up and its problems and shortcomings.

  • To consider what information management (IM) organisation structure (reporting, responsibilities) should be set up to ensure that the Council is able to comply and maintain its compliance.  This IM organisation structure recognises the impact of the current delivery restructuring and that the resulting new delivery structures will equally need to comply.

  • To identify what actions are needed to manage Freedom of Information (FOI) implementation.

Sector: Public
Type of service: Management review
Project area: Information security & legislation compliance

The review objectives for this large metropolitan City Council were:

  • To understand the current set up and its problems and shortcomings.

  • To consider what information management (IM) organisation structure (reporting, responsibilities) should be set up to ensure that the Council is able to comply and maintain its compliance.  This IM organisation structure recognises the impact of the current delivery restructuring and that the resulting new delivery structures will equally need to comply.

  • To identify what actions are needed to set up the new IM organisation structure.

  • To summarise the key actions which the new IM organisation structure must take to achieve compliance.  This included, for example, identifying at a high level what procedures should be embedded in new project inception and delivery to ensure compliance.

Sector: Socitm Learning
Type of service: Training / facilitation
Project area: FOI / DP / BS7799 / Information Security Overview training delivery

Provision of one day training on each subject area in order to assist Local Government SOCITM members to have a better understanding of the requirements of each area and their relationship.  Information security is essential for successful local e-Government.

Sector: Public
Type of service: Consultancy / facilitation
Project area: BS7799 Gap Analysis

The Health Informatics (HI) section of this NHS client was seeking a BS7799 Gap Analysis in order to assess their level of compliance with NHS requirements in this area.  It was important to establish the scope of the review, to assess the understanding of security amongst the employees and to work out an appropriate plan to achieve compliance.  Interviews with employees were required with a view to collating responses and producing reports.  This assignment was about ensuring that all NHS, Caldicott and data handling guidelines were borne in mind whilst reviewing the wider implications of BS7799 compliance for HI as they provide services to 7 NHS Healthcare Trust clients.  Some focus on DP issues.


For more details, contact:


Page last updated 4th January 2011