Service & Information Security Management

Our approach to Service & Information Security Management is based on the ISO 20000/ITIL and ISO 27001 standards and on the Scrum agile methodology framework.

InoServ helps you implement all components of a Service and Information Security Management System. Our methodology gradually leads you to a solution which is totally compatible with the best professional practices and the recognised standards.

Our solution is recognized, end-to-end, lean and agile.

GDPR & Privacy Management

General Data Protection Regulation (GDPR)

We offer a systematic approach to GDPR implementation that covers the following phases:

  1. Establish data privacy policy and privacy system scope
  2. Conduct a Gap Analysis
  3. Conduct an Enterprise Privacy Risk Assessment
  4. Conduct PIAs/DPIAs for new programs, systems and processes and for changes to existing ones, and engage external stakeholders (e.g., individuals, privacy advocates) as part of the PIA/DPIA process
  5. Track and address data protection issues identified during PIAs/DPIAs
  6. Assign responsibility for data privacy to an individual (e.g. Privacy Officer, Privacy Counsel, CPO, Representative)
  7. Appoint a Data Protection Officer/Official (DPO) in an independent oversight role
  8. Maintain roles and responsibilities for individuals responsible for data privacy (e.g. job descriptions)
  9. Establish and maintain policies/procedures for obtaining valid consent and responding to requests
  10. Provide data privacy notice at all points where personal data is collected
  11. Maintain a data privacy notice that details the organization’s personal data handling practices
  12. Integrate Privacy by Design into system and product development
  13. Maintain data privacy requirements for third parties (e.g., clients, vendors, processors, affiliates)
  14. Conduct due diligence around the data privacy and security posture of potential vendors/processors
  15. Maintain an inventory of personal data holdings (what personal data is held and where)
  16. Maintain a log to track data privacy incidents/breaches
  17. Establish and maintain a data privacy incident/breach response plan
  18. Conduct privacy training
  19. Conduct regular communication between the privacy office, privacy network and others responsible/accountable for data privacy
  20. Maintain records of the transfer mechanism used for cross-border data flows (e.g., standard contractual clauses, binding corporate rules, approvals from regulators)