Compliance and Standards

Over the last decade, we have seen a significant increase in the number of regulations and standards that relate to cybersecurity. Although some industries are more heavily regulated than others, public awareness of data security, coupled with stringent EU tendering requirements, has meant that businesses across all industries now need to demonstrate compliance with one or more standards.

In the past, this was often seen as a ‘tick-in-the-box’ exercise by some organisations. However, by following a maturity model, compliance with industry standards can reinforce your cybersecurity strategy, helping your business to achieve its security goals in line with its risk appetite.

When it comes to advising your business on regulatory compliance, our consultants have extensive knowledge of information security. Our approach is always sensible and appropriate for your business. We are able to benchmark your business’s level of compliance against other relevant companies. Using our expertise, we can work with your team to develop written policies and procedures internally, carry out mock audits and formulate a communication and training plan.

General Data Protection Regulation (GDPR)

Sapphire provides a range of consultative services and technical controls to help you achieve compliance with the GDPR, from a Gap Analysis, Improvement Plan and Governance, through to producing a document set and providing DPO as a Service.

The key to an effective GDPR compliance programme is to understand what data you hold. Before your business starts to identify and locate its sensitive data, an asset discovery exercise can locate all devices and create an inventory. Visibility is key, and having technology in place that enables efficient identification of data and where it resides is an important element of a successful data discovery exercise.

We offer data classification solutions to enhance your employees’ awareness of the value and sensitivity of the information they are handling, working with you to ensure your classifications integrate with your security policies and that sensitive data can be easily searched for, identified and retrieved where necessary.

Sapphire can help you to determine how your critical data is being processed, enabling you to monitor, manage and control that data. Using behavioural analytics and machine learning, this reduces the risk of a data breach or data leak within your organisation.

Cyber Essentials and Cyber Essentials Plus

Cyber Essentials (CE), a Government-backed, industry-supported scheme, was set up to help organisations protect themselves against common cyber-attacks. The scheme has five security controls:

  • Secure Configuration
  • Boundary Firewalls and Internet Gateways
  • Access Control and Privilege Management
  • Patch Management
  • Malware Protection

We’ve been delivering the very best cybersecurity services and solutions for over 22 years. Our expertise covers all aspects of cybersecurity: people, policies and technical controls. We are one of only a small number of organisations in the UK qualified to assess and certify businesses against both the Cyber Essentials and Cyber Essentials Plus schemes.

Our experienced consultants have a wealth of knowledge and are best placed to review and prepare your business for security audits, as well as offering practical and pragmatic advice and guidance to steer your cybersecurity planning along the right path.

EU Directive on Security of Network and Information Systems (NIS Directive)

The EU Directive on Security of Network and Information Systems (the NIS Directive) is the first piece of EU-wide legislation on cybersecurity. The NIS Directive applies to Operators of Essential Services (OES) that are established in the EU and Digital Service Providers (DSP) that offer services to persons within the EU. An OES is an operator that provides a service essential to society and the economy, for example an energy or water provider.

By May 2018, the UK and all other EU member states needed to have transposed the Directive into national law, and by November 2018 they needed to have identified the OESs (Operators of Essential Services) and DSPs (Digital Service Providers) to which it applies.

Sapphire can work with you to identify any gaps in your current information security (IS) regime and develop an IS improvement plan to meet the high-level security principles in the NIS Directive. Our service offers:

  • Visibility: gain an understanding of the NIS risks, challenges and threats.
  • Control: enhance and build NIS controls to better mitigate and remediate threats.
  • Focus: direct security resources and budgets to enhance NIS security coverage and improve ROI.

ISO 27001:2013

Compliance or certification to ISO 27001 demonstrates that an organisation follows information security best-practice guidelines, measured through continuous analysis, assessment and robust security policy reviews.

The benefits of attaining or complying with ISO 27001 include:

  • The ability to demonstrate to clients that your organisation is committed to security, frequently negating the need for 2nd-party independent security audits or questionnaires.
  • A competitive edge, by validating that you are a trusted organisation.
  • The ability to respond quickly, and to recover faster, in the event of a breach.
  • Robust business continuity and disaster recovery planning.
  • Visibility that allows resources (people, skills, budget and time) to be focused economically.
  • Demonstrable accountability for information security under audit conditions.

Clients and third-party businesses are increasingly asking businesses to demonstrate that they implement solid and robust information security; the standard is a trusted measure that good policies, procedures and technical controls are implemented and reviewed on a regular basis.

We have been working with the ISO 27001 standard since 2005 and have a proven track record of successfully guiding our clients to compliance or certification through our pragmatic and expert consultants.