red background

The Comply Service Approach Detailed Read


The Comply Service aims to prioritise securing the most valuable assets and mitigating the highest risk factors first. This process begins with the first two modules in an initial meeting, where we align them with our scored database of scenarios to generate the initial risk score. We then devise a plan to address each identified risk with proposed actions and expected timelines.

This involves suggesting necessary actions, which can be undertaken by Draytus Comply, the business itself, or a supplier. Draytus will track all actions and follow up to ensure completion. Where necessary, we create recurring tasks to maintain ongoing checks and tests. For instance, regular checks on data backups to ensure data is backed up correctly and accessible in the expected location and format.

The monthly routine involves adding more compliance levels, raising the score while maintaining the current level through recurring tasks.

Schedule a free no obligation consultation where we work through the processes and tools in your business and see how much time you can save.

Key features:

Background Information

Collect and document the general nature of the business, its products and services, and the perceived exposure to cyber and information security threats.

Company Approach to Compliance, Governance, and Risk

Assess the company’s current levels of compliance at a high level, examining the overall management controls currently in place.

Data Security

Understand the types of data the company handles, where it is generated, how it is protected, where it moves, and where it resides. Develop the appropriate steps to ensure the right environment and controls for that data.

Public Facing Application Security

Create an inventory of tools the business uses and determine the correct approach to applying Data Security principles to the data held, communicated, and generated by these applications.

Cryptography Requirements, Understanding, and Management

Using the results of the Data Security and Public Facing Applications audit, evaluate the level of data encryption, the methods of encryption, and the management of encryption keys. Assess the levels of knowledge management has or needs regarding encryption.

Access Management

Based on information collected on Data Security, Public Facing Applications, and Cryptography, develop an access management structure that enhances the security of the aforementioned modules.

Company Network Security

Evaluate the local company network infrastructure, potentially involving the company’s MSP to determine which parts of the network are under their management and to what extent. Recommend changes and ongoing checks necessary to enhance network security.

Security Incident Management

Security Incident Management goes beyond reporting data loss or breaches to authorities. It involves identifying and managing potential security incidents to protect your business from severe damage. This process also forms an audit to demonstrate your ongoing commitment to company security.

Business Continuity & Disaster Recovery

If the business lacks a comprehensive BC and DR policy, we focus on the most impactful areas first, based on previous assessments, to progressively enhance security, starting with major assets and critical systems.

For Bespoke Applications

For businesses with bespoke systems, often managed by third parties, there can be challenges in controlling events like disaster recovery due to varying service levels under different contracts. This can make timely access to necessary tools and knowledge difficult.

SDLC: Ensure bespoke work is carried out under a secure development lifecycle, identifying and mitigating risks.
Change Control: Ensure the business, internally or through third-party suppliers, has a managed approach to change control.


Physical Data Centre: Identify if any physical data centre or on-premise infrastructure exists.
Cloud & IaaS: Assess the use of cloud and Infrastructure as a Service based on previous discoveries to ensure a thorough understanding and management. This counters the common misconception that having data or infrastructure in the cloud makes it invulnerable to cyber events or data loss.


Schedule a free no obligation consultation where we work through the processes and tools in your business and see how much time you can save.