Compliance: get compliant, stay compliant
Compliance is the protocol which ensures businesses follow all the necessary laws and regulations applicable to their activities. We at 6S Global can help and support your business with that protocol, and provide services to help you achieve compliance.
The organisation which sets and publishes the internationally recognised standards is the International Organization for Standardization, or ISO.
6S Global will help your company become, and remain, fully compliant.
How was ISO founded? With the same thought process we apply to our own work: a fundamental question was asked:
“What’s the best way of doing this?”
That is at the heart of how we approach and review our customers’ business to deliver a first-class service.
How we Deliver
- Our unique ATOM process (Architectural Targeted Operating Model)
- Our 11 – 7 – 4 process
- Unique experience and knowledge from our team, especially Steve Wilkinson
- Our unique pre-built frameworks for an Information Security Management System (ISMS)
- Our COMPaaS compliance software
The ISO Management Standard expanded from that initial thought to become a set of internationally recognized guidelines, which covers key areas of running and managing a business such as:
managing business risks and opportunities; resources such as people and infrastructure; competence; communication; and much more.
Having an ISO management standard in place ensures the running of the business is effective, consistent and recognised as best business practice.
What we offer at 6S Global is a full range of services that can fit the needs of SMB, SME or large enterprise businesses. Our discovery process enables our customers to easily understand the requirements of the international standard and how to apply them within their organisation.
The discovery process is a light review of how the organisation operates, what baseline policies and procedures are in place, and how these would ideally align to the requirements of a range of ISO and PAS standards. This initial piece of work is essential to ensure we understand the level of service that is needed and the customer’s expectations, so we can draw up a project plan and scope that can be agreed.
Once agreed we can then provide a full gap analysis, giving our customers an easy way to view the gap between current operational practices and those required prior to formal certification.
Once the gap analysis has been done, we work with our customers over a period of months to build the necessary controls and implement them within their organisation. This is followed by a pre-certification audit to ensure that our customer is ready for formal certification.
We can provide as much or as little as needed; often our customers want an understanding of how much work is required and then schedule that work for a later time. Sometimes we are asked only to review some of the policies and procedures and advise accordingly, but our service also offers full internal auditing. This review shows how our customers are adhering to the standard and directly supports their ongoing surveillance auditing procedures.
A specific external audit can also be provided, where we review and assess a customer’s status, again in our simple-to-view gap analysis report, which documents any non-conformities and observations as required.
- Gap analysis review and Internal/external audits
- Certification can be through BSI or through QMS, our certification body partner.
What we cover
- ISO 9001 Quality Management
- ISO 14001 Environment Management
- ISO 22301 Business Continuity
- ISO 27001 Information Security
- ISO 27701 Privacy information management
- ISO 27007 Information Security Management
- ISO 31000 Risk Management
- ISO 45001 Health and Safety (we can update companies from 18001)
- ISO 50001 Energy management
- ISO 55001 Asset Management
- PIMS Privacy Information Management system (framework)
We are working on a unique framework following PAS 99 for integrating various management systems such as 27001, 27701, 55001 and PIMS.
The General Data Protection Regulation (GDPR) allows organisations to outsource the role of a Data Protection Officer (DPO). 6sglobal’s ‘DPO as a Service’ (DPOaaS) makes it possible for your organisation to outsource the role of a DPO.
The DPOaaS performs the tasks described in the GDPR, allowing you to reach the desired compliance level. 6sglobal’s DPOaaS is an all-inclusive data protection and privacy service that is not limited to the tasks and responsibilities set out in the GDPR. DPOaaS includes a data protection annual plan that lays out all the steps to reach the desired level of compliance.
DPOaaS ensures that your organisation complies with the legislation, acts accordingly regarding data protection practices and has clear ownership of data processing activities. For some organisations it is mandatory to have a nominated DPO, but it is almost always recommended.
Tasks and Responsibilities
6sglobal’s DPOaaS can perform tasks such as the following:
- Composing and maintaining a data protection annual plan
- Practical operations, such as personnel training, creating and maintaining the data inventory and records of processing activities, and composing and planning processes
- Informing and advising the customer on privacy and data protection
- Monitoring compliance
- Providing advice on conducting DPIAs and DSARs
- Co-operating with supervisory authorities
- Acting as a contact point for supervisory authorities
6sglobal’s DPOaaS can focus on the tasks described in the GDPR as well as on operational data protection activities. The service therefore does not have to be limited to the advisory and compliance monitoring described in the GDPR. 6sglobal’s DPOaaS can take care of other privacy and data protection tasks, e.g. privacy auditing, assessments, reviewing and planning. These other tasks are agreed separately with the customer.
Service Deployment Process
The service deployment process for 6sglobal’s DPOaaS starts with a setup workshop, where the organisation’s current situation is assessed and an annual plan is composed outlining the activities and tasks needed to become compliant. Activities can be divided into reactive and proactive support, which in combination create a comprehensive DPOaaS. The annual plan is implemented based on a chosen service level, which sets the extent and schedule of the service. This enables us to tailor the service to your organisation’s needs.
Allow us to review and write all policies for data protection.
The new international standard ISO/IEC 27701, Privacy Information Management System (PIMS), helps 6S Global to assist organisations in reconciling privacy regulatory requirements. The standard outlines a comprehensive set of operational controls that can be mapped to various regulations, including the GDPR. Once mapped, the PIMS operational controls are implemented by privacy professionals within your organisation and audited by 6S Global auditors, resulting in a certification and comprehensive evidence of conformity.
PIMS is built on top of one of the most widely adopted international standards for information security management, ISO 27001. If your organisation is already familiar with ISO/IEC 27001, it is logical and more efficient to integrate the new privacy controls of PIMS. This means the implementation and audit of both will be less expensive and easier to achieve through 6sglobal, thanks to our understanding of which policies need to be in place.
A small investment in a Maturity Assessment could save your organisation money in the future.
The way businesses store their data changed with the introduction of the GDPR in 2018. The GDPR required companies to increase the focus placed on protecting information and data, which in turn increased the demands on security processes within organisations.
6S Global can perform a Data Protection Assessment for your business using ICO audit guidelines. Our assessment gives you the insight to see where you need to improve your data protection processes and creates a bespoke action plan designed to ensure that, should you ever face an ICO audit, your business will get it right.
How do you know what to expect from an ICO Audit?
Information Asset Register and ROPA
Information Asset Register (IAR): records what types of information we hold, where we keep it and how we protect it.
Record of Processing Activities (ROPA), sometimes referred to as data or information flows: records where we receive data from, where we send it to and the legal basis for doing so.
Because the ROPA overlaps with much of the information held in the IAR, it makes sense for organisations to combine the two into one operational document. This is something we can provide our customers, either as a policy or via the COMPaaS compliance software to manage and track.
We deliver all of these optional services and more:
- Accreditation through our partners
- Policy writing
- DPO as a service
- Peace of mind
- Tools to help companies manage their own security
- Progress reports
- Any level of support or service level agreement
- Regular compliance audits
The benefits:
- Increased efficiency
- Reduced costs
- Improved customer satisfaction
- More engaged employees
- Reduced risks
Long Term Implications of non-compliance:
- Potential fines if not GDPR compliant
- Lack of visibility and audit trail
- Risk to business
- Risk to assets
- Risk to staff/public
- Risk to reputation
- Legal liability
- Loss of trust
- High future security costs
- Cost of forensic investigation
- Loss of revenue