Seer-i is a tool-set designed by a number of highly experienced professionals to provide rich functionality, while being easy to deploy and use. Seer-i can function as a fully operational GRC tool, or individual modules may be used to suit your needs.
The Governance module allows a number of approaches, such as:
The risk management module helps an organisation to:
Identify and document risk
Assess gross/inherent risk
Identify controls managing risk
Assess net/residual risk
If necessary, select an appropriate risk response
Track the effectiveness of the processes managing each identified risk
The compliance module allows a wide variety of assessments to be undertaken, including:
General Data Protection Regulation
GDPR came into force on May 25th 2018, unifying the approach to data protection across the EU and beyond, with new requirements for documenting IT procedures, performing risk assessments, rules on breach notifications, and tighter data minimisation. It establishes a single law to enforce European data protection rules and regulation and the right to personal data protection.
GDPR legislates common sense data security ideas, especially from the Privacy by Design school of thought: minimise collection of personal data, delete personal data that’s no longer necessary, restrict access, and secure data through its entire lifecycle.
What type of data is protected?
Personal data – Think names, addresses, phone numbers, account numbers, and more recently email and IP addresses.
Who does it affect?
The GDPR applies to EU-based companies and companies that collect data of EU citizens, regardless of their physical presence in the country.
How does it affect you?
It means there are new regulations and requirements for collecting, recording, and storing personal data and processing activities, new regulations on breach notifications, penalties on violations, and more.
Don’t be the next data disaster headline – avoid heavy fines
Your customers’ data will be much less vulnerable to attack, theft or loss, meaning fines and reputational damage from a data breach are much less likely. You can be sure that you have the correct marketing permissions and an audit trail for all forms of communications.
Assess your data protection position against new EU legislation
Using the 12 steps guide published by the ICO, take our quick assessment to highlight your strongest and weakest areas for data security and data protection against the new EU Legislation (GDPR). This might include not having a data breach notification plan, not having the right consent for marketing, or exposure from non-compliant 3rd party data processors.
Because Seer-I is template driven, you can then move on to our detailed assessment tool to highlight areas of weakness or non-compliance and produce an action plan to prioritise the highest risk areas.
We can provide template solutions to ensure you reach compliance, and you can work towards gaining standards such as ISO27001 and Cyber Essentials, which can demonstrate that you employ best practice with respect to data security and will help with winning major tenders.
Information Governance Maturity Assessment
Information is increasingly being recognised as a key asset for any organisation, no matter how big or how small. Good, accurate, up-to-date information, made available at the right time to only those who should have access, is essential for the success of any business.
This Information Governance (IG) Maturity Assessment will help an organisation to:
understand the IG maturity level appropriate for their business needs;
assess their current IG capabilities;
determine the gap and actions required to achieve the maturity level appropriate for the needs of the business.
This information governance (IG) self-assessment tool is designed to highlight areas where action is required or where improvements may be made. The self-assessment is intended to assist organisations in monitoring their journey to creating an information governance framework that evolves as the business and its business risks evolve.
The self-assessment is designed to be completed by either an auditor or a member of the organisational management team that holds responsibility for information governance in the organisation.
Depending on the size of the organisation, you may wish to conduct the self-assessment at different levels or within different units in order to identify specific areas within the organisation that require further attention - this will also help to identify areas of good practice within specific teams that could be shared across the organisation.
Managing Risk in the Supply Chain
The business world is leveraging new advantages from an ever-changing array of delivery models. The rise of cloud computing, outsourcing and shared services along with concerns over how data is protected at rest and in transit.
You may value your data and have invested time and money to protect it. However, your own controls are only as robust as the weakest link and this link could turn out to be a key supplier.
Your suppliers are your lifeblood but can also be your Achilles heel. If their internal controls are weak then your intellectual property and personally identifiable data could be at risk.
In the digital supply chain, data is the valuable asset that must be protected, shared securely, managed and archived according to corporate, regulatory and legal mandates. In this world of highly digitized services, businesses increasingly realize that they may outsource activities to a third party but are still held accountable, not only for their own activities, but also for those of their suppliers and business partners. As the threat landscape continues to evolve, the onus is, therefore, on businesses to practice continuous due diligence on their information supply chain.
With Seer-I you can:
Demonstrate an effective vendor security risk management program to your auditors, regulators, and customers.
Assess the application security posture of third-party applications and IT services that are being used by your organization, including private, hybrid, and public cloud infrastructures.
View the dependencies and assess IT security risks across multiple vendor, software, and service provider/IT outsourcing relationships across your information supply chain.
Provide mandate-based reporting on third-party security compliance requirements such as PCI DSS 3.2, ISAE3402/SSAE18 or ISO27001.
Automate best practices for the secure onboarding of business partners and suppliers in your information supply chain ecosystem.
Demonstrate to your regulators and auditors that your service providers and third party relationships are managing their own third-party vendor security risks.