Our Services

What we Do Best

 

We listen to our customers and develop effective risk solutions.

Popular Services

Virtual DPO

 

A virtual Data Privacy Officer is a solution highlighted by the UK ICO in circumstances where the skills of a professional privacy advisor are needed on a part-time basis or when resources are limited.

We offer this service on an annual contract, on an ‘as-required’ basis, from £500 per month depending on requirements, including a quarterly site visit and the standard services outlined below. We provide these services in line with our fair-use policy and full Service Level Agreement, operating remotely via an online ticketing system through which your virtual DPO will receive and respond to requests and business-as-usual tasks normally carried out by a DPO.

GDPR Alignment Assessment

 

A GDPR alignment assessment establishes the current position relative to the requirements of the GDPR and best practices, resulting in a gap-analysis report highlighting actions that are required to align with robust compliance. It is highly recommended for businesses early in the development of a privacy program and established businesses seeking to identify and reduce business, personal and legal risk.

The assessment is performed as an on-site workshop with senior managers, usually over two days, extendible depending on scope. The first day recaps the GDPR, its purpose and legal requirements, fundamental principles and application.

Privacy Program Development

 

Privacy program development is included for enhanced Virtual DPO service customers or provided as a stand-alone service. The service includes an entire operational framework for GDPR (and PECR) compliance comprising all data privacy services and optional Virtual DPO.

The service starts with an on-site meeting, giving both parties the opportunity to introduce themselves and discuss scope, timeline and resource requirements. This is followed by a project split into three phases.

  • Phase I – GDPR Alignment Assessment
  • Phase II – Processes, Procedures & System Development
  • Phase III – Program Operation

Vulnerability Scanning

 

We are pleased to offer a competitive digital asset scanning service featuring high-speed asset discovery, configuration auditing, target profiling, malware detection, sensitive data discovery and web cookies.

Our scanning capability includes:

  • Accurate, high-speed asset discovery
  • Vulnerability scanning (including IPv4 / IPv6 / Hybrid networks)
  • Uncredentialed vulnerability discovery
  • Credentialed scanning for system hardening and missing patches
  • Meets PCI DSS requirements for internal vulnerability scanning
  • Coverage: Broad asset coverage and profiling
  • Network devices: firewalls/routers/switches (Juniper, Check Point, Cisco, Palo Alto Networks), printers, storage
  • Offline configuration auditing of network devices

Cyber Essentials

 

Cyber Essentials is a UK Government security assurance standard aimed at SMEs and designed to address common web-borne exploits by reducing vulnerabilities in IT systems and business processes.

The scheme involves an online self-assessment questionnaire which is marked by a qualified Cyber Essentials assessor. Companies passing the assessment are awarded a certificate and badge logo that can be used on websites and other company material, attesting to a level of cyber security assurance which improves competitive positioning and is mandatory for all suppliers to the MoD.

For organisations wishing to obtain a higher level of assurance, the scheme offers an enhanced certification, Cyber Essentials Plus. The enhanced level requires that the statements in the self-assessment are audited by a Cyber Essentials certification body, usually taking around two days for small companies.

Identity Access Management

 

Our capabilities include:

  • Implementation of core services according to best practices
  • Design & deployment of scalable, highly available, fault-tolerant applications
  • Migration of complex, multi-tier applications
  • Design and deployment of enterprise-wide scalable operations
  • Implementation of cost-control strategies
  • Design and maintenance of network architecture
  • Specialised data classifications and data protection mechanisms
  • Data encryption methods and mechanisms
  • Decisions with regard to cost, security, and deployment complexity

Other Services

We can do much more...

It doesn't matter whether you're a micro business looking to establish security cornerstones or a global enterprise reviewing risk strategy or re-aligning to the latest compliance regulation, we're here to help.

We cover a broad range of Cyber Security, Risk & Information Privacy functions, aligned with leading frameworks including PCI-DSS, ISO 27001, Cyber Essentials and GDPR.

Drop us a line or call us to find out how we can help.

Goals & Gaps

Establish business and risk objectives, select appropriate framework and perform gap-analysis.

Business as Usual

Ongoing support, training and pre-audit assessments optimising certification readiness.

Realignment

Develop appropriate technical controls, policies, procedures, metrics & audit procedures.

Certification

Certify against selected frameworks.

Request your free consultation

We’re pleased to offer you a free consultation to explore effective risk reduction solutions. Please complete the form on the left and we’ll contact you shortly.

Contact Us

+44 (0) 203 872 2162
info@crystal-thinking.com

Open Hours

M-F: 8am – 5pm
Sat: 10am – 2pm
Sun: Closed
