The Comply Service Approach Detailed Read

Overview

The Comply Service prioritises securing the most valuable assets and mitigating the highest-risk factors first. The process begins with an initial meeting covering the first two modules (Background Information, and Company Approach to Compliance, Governance, and Risk); the findings are matched against our scored database of scenarios to generate the initial risk score. We then devise a plan to address each identified risk, with proposed actions and expected timelines.

Each action can be undertaken by Draytus Comply, by the business itself, or by a supplier. Draytus tracks every action and follows up to ensure it is completed. Where necessary, we create recurring tasks so that checks and tests are repeated on a schedule. For instance, a recurring task might verify that data backups complete correctly and that the backed-up data is accessible in the expected location and format.

The monthly routine adds further compliance levels, raising the score, while the recurring tasks maintain the level already achieved.

Key features:

Background Information

Collect and document the general nature of the business, its products and services, and the perceived exposure to cyber and information security threats.

Company Approach to Compliance, Governance, and Risk

Assess the company’s current levels of compliance at a high level, examining the overall management controls currently in place.

Data Security

Understand the types of data the company handles, where it is generated, how it is protected, where it moves, and where it resides. Develop the appropriate steps to ensure the right environment and controls for that data.

Public Facing Application Security

Create an inventory of tools the business uses and determine the correct approach to applying Data Security principles to the data held, communicated, and generated by these applications.

Cryptography Requirements, Understanding, and Management

Using the results of the Data Security and Public Facing Application Security audits, evaluate the extent of data encryption, the encryption methods in use, and how encryption keys are managed. Assess the level of encryption knowledge that management has, or needs.

Access Management

Based on information collected on Data Security, Public Facing Applications, and Cryptography, develop an access management structure that enhances the security of the aforementioned modules.

Company Network Security

Evaluate the local company network infrastructure, involving the company’s MSP (managed service provider) where applicable to determine which parts of the network they manage and to what extent. Recommend the changes and ongoing checks needed to improve network security.

Security Incident Management

Security Incident Management goes beyond reporting data loss or breaches to the authorities. It involves identifying and managing potential security incidents to protect the business from severe damage. The process also creates an audit trail that demonstrates your ongoing commitment to company security.

Business Continuity & Disaster Recovery

If the business lacks a comprehensive business continuity (BC) and disaster recovery (DR) policy, we focus first on the areas with the greatest impact, as identified in the earlier assessments, and progressively extend coverage, starting with major assets and critical systems.

For Bespoke Applications

Businesses with bespoke systems, which are often managed by third parties, can find it hard to control events such as disaster recovery because service levels vary between contracts. This can make timely access to the necessary tools and knowledge difficult.

SDLC: Ensure bespoke work is carried out under a secure development lifecycle, identifying and mitigating risks.
Change Control: Ensure the business, internally or through third-party suppliers, has a managed approach to change control.

Infrastructure

Physical Data Centre: Identify if any physical data centre or on-premise infrastructure exists.
Cloud &amp; IaaS: Assess the use of cloud and Infrastructure as a Service, based on the earlier discoveries, to ensure it is thoroughly understood and managed. This counters the common misconception that placing data or infrastructure in the cloud makes it immune to cyber events or data loss.

Interested?

Schedule a free, no-obligation consultation where we work through the processes and tools in your business and see how much time you can save.