Consulting

Service & Information Security Management

Our approach to Service & Information Security Management is based on the ISO 20000/ITIL and ISO 27001 standards and on the SCRUM Agile methodology framework.

InoServ helps you implement all components of a Service and Information Security Management System. Our methodology leads you step by step to a solution that is fully compatible with best professional practice and the recognized standards.

Our solution is recognized, end-to-end, lean and agile.

GDPR & Privacy Management

General Data Protection Regulation (GDPR)

We offer a systematic approach to the GDPR implementation that covers the following phases: 

  1. Establish the data privacy policy and the scope of the privacy system
  2. Conduct a Gap Analysis
  3. Conduct an Enterprise Privacy Risk Assessment
  4. Conduct PIAs/DPIAs for new programs, systems and processes and for changes to existing ones, and engage external stakeholders (e.g. individuals, privacy advocates) as part of the PIA/DPIA process
  5. Track and address data protection issues identified during PIAs/DPIAs
  6. Assign responsibility for data privacy to an individual (e.g. Privacy Officer, Privacy Counsel, CPO, Representative)
  7. Appoint a Data Protection Officer/Official (DPO) in an independent oversight role
  8. Maintain roles and responsibilities for individuals responsible for data privacy (e.g. job descriptions)
  9. Establish and maintain policies/procedures for:
     a) maintaining data quality
     b) secondary uses of personal data
     c) obtaining valid consent
     d) responding to requests to opt out of, restrict or object to processing
     e) responding to requests and/or providing a mechanism for individuals to update or correct their personal data
     f) responding to requests for data portability
     g) responding to requests to be forgotten or for erasure of data
     h) collection and use of children's and minors' data
     i) collection and use of sensitive personal data (including biometric data)
     j) reviewing processing conducted wholly or partially by automated means
     k) executing contracts or agreements with all processors
     l) restricting access to personal data (e.g. role-based access, segregation of duties)
     m) de-identification of personal data
     n) maintaining a breach notification (to affected individuals) and reporting (to regulators, credit agencies, law enforcement) protocol
  10. Provide a data privacy notice at all points where personal data is collected
  11. Maintain a data privacy notice that details the organization's personal data handling practices
  12. Integrate Privacy by Design into system and product development
  13. Maintain data privacy requirements for third parties (e.g. clients, vendors, processors, affiliates)
  14. Conduct due diligence on the data privacy and security posture of potential vendors/processors
  15. Maintain an inventory of personal data holdings (what personal data is held and where)
  16. Maintain a log to track data privacy incidents/breaches
  17. Establish and maintain a data privacy incident/breach response plan
  18. Conduct privacy training
  19. Conduct regular communication between the privacy office, the privacy network and others responsible/accountable for data privacy
  20. Maintain records of the transfer mechanism used for cross-border data flows (e.g. standard contractual clauses, binding corporate rules, approvals from regulators)