Data Protection and Privacy Services
Actica Consulting provides data protection and privacy support in accordance with data protection legislation and best practice. Our consultants can help you ensure your cloud solutions are compliant with the Data Protection Act (DPA), the Privacy and Electronic Communications Regulations (PECR) and the UK General Data Protection Regulation (UK GDPR).
Features
- Data Protection Impact Assessment (DPIA) to Information Commissioner’s Office (ICO) guidelines
- Privacy-by-Design and Privacy-by-Default implementation
- Data ownership, lifecycle and governance implementation
- Impact assessment of the General Data Protection Regulation (GDPR)
- Data Protection Act compliance assessment
- Cloud-specific privacy assessment
- Data location, erasure, access, anonymization and portability support
- Data subject rights including notice, access, rectification, objections and restrictions
- Security monitoring and breach reporting
- Experience with AWS, Azure, GCP, and MODCloud
Benefits
- Reduces privacy risks of your project, programme or business activities
- Ensure you meet your legal and regulatory data protection requirements
- Support all classifications, including OFFICIAL, SECRET and TOP SECRET
- Future-proof your systems against legislative changes
- Help ensure legal compliance with UK GDPR requirements
- Aligns privacy solutions to business objectives
- Reduced costs through pragmatic privacy controls selected by experienced consultants
- Partnership working and skills transfer to enhance your capability
- Sectors: Defence, Education, Fire, Health, Justice, Local Authority, Police, Transport
Pricing
£300 to £1,430 a unit a day
Framework
G-Cloud 14
Service ID
340755333724401
Contact
Actica Consulting
Michael Murphy
Telephone: +44 (0) 1483484090
Email: cloud@actica.co.uk
Planning
- Planning service
- Yes
- How the planning service works
- Actica can provide expert security advice on all aspects of data protection and privacy, including the Data Protection Act (DPA), the Privacy and Electronic Communications Regulations (PECR) and the UK General Data Protection Regulation (UK GDPR). Our consultants can develop a Data Protection Impact Assessment (DPIA) at any stage of a project, programme or system implementation to help you implement privacy-by-design and privacy-by-default best practices. We can help you understand the data ownership and control issues for complex multi-organisational systems and implement appropriate data governance and lifecycle processes. We have an in-depth understanding of the DPA, PECR and GDPR and can assess your current compliance, identify any required actions to improve compliance and help you implement them. We can assess the data protection and privacy compliance of your cloud systems, including data location, erasure, access, anonymization and portability issues. We can provide advice on the development and implementation of strategies and plans. It is beneficial to do this in the planning stage of an initiative so that the architecture can be ‘compliant by design’, avoiding a large range of possible issues and headaches that can occur later if this is not done.
- Planning service works with specific services
- No
Training
- Training service provided
- Yes
- How the training service works
- Actica can provide expert security advice on all aspects of data protection and privacy, including the Data Protection Act (DPA), the Privacy and Electronic Communications Regulations (PECR) and the UK General Data Protection Regulation (UK GDPR). One part of this is user awareness training. We are happy to advise on training requirements for users, and deliver the awareness training required for more ‘hands-on’ members of your team.
- Training is tied to specific services
- No
Setup and migration
- Setup or migration service available
- Yes
- How the setup or migration service works
- Actica can provide expert security advice on all aspects of data protection and privacy, including the Data Protection Act (DPA), the Privacy and Electronic Communications Regulations (PECR) and the UK General Data Protection Regulation (UK GDPR). Our consultants can develop a Data Protection Impact Assessment (DPIA) at any stage of a project, programme or system implementation to help you implement privacy-by-design and privacy-by-default best practices. We can help you understand the data ownership and control issues for complex multi-organisational systems and implement appropriate data governance and lifecycle processes. We have an in-depth understanding of the DPA, PECR and GDPR and can assess your current compliance, identify any required actions to improve compliance, and help you implement them. We can assess the data protection and privacy compliance of your cloud systems, including data location, erasure, access, anonymization and portability issues. We can provide advice for the development and implementation of strategies, plans and systems for security monitoring and incident management. This needs to be done when migrating to or between new services so that issues are not introduced that could leave your organisation liable later on.
- Setup or migration service is for specific cloud services
- No
Quality assurance and performance testing
- Quality assurance and performance testing service
- Yes
- How the quality assurance and performance testing works
- Actica can provide expert security advice on all aspects of data protection and privacy, including the Data Protection Act (DPA), the Privacy and Electronic Communications Regulations (PECR) and the UK General Data Protection Regulation (UK GDPR). Our consultants can develop a Data Protection Impact Assessment (DPIA) at any stage of a project, programme or system implementation to help you implement privacy-by-design and privacy-by-default best practices. We can help you understand the data ownership and control issues for complex multi-organisational systems and implement appropriate data governance and lifecycle processes. We have an in-depth understanding of the DPA, PECR and GDPR and can assess your current compliance, identify any required actions to improve compliance, and help you implement them. We can assess the data protection and privacy compliance of your cloud systems, including data location, erasure, access, anonymization and portability issues. We can provide advice for the development and implementation of strategies, plans and systems for security monitoring and incident management.
Security testing
- Security services
- Yes
- Security services type
- Security strategy
- Security risk management
- Security design
- Cyber security consultancy
- Security testing
- Security incident management
- Security audit services
- Certified security testers
- Yes
- Security testing certifications
- Other
- Other security testing certifications
- National Cyber Security Centre (NCSC) Assured Consultancy
- CCP Certified Consultants
- Chartered Cyber Security Professionals
Ongoing support
- Ongoing support service
- Yes
- Types of service supported
- Buyer hosting or software
- Hosting or software provided by a third-party organisation
- How the support service works
Actica can provide expert security advice on all aspects of information assurance and security, including the implications of the HMG Security Policy Framework (SPF), the Government Classification Scheme, the International Standard on Information Security Management (ISO 27001), the Data Protection Act, the Privacy and Electronic Communications Regulations (PECR) and the UK General Data Protection Regulation (UK GDPR). We can advise on Protective Monitoring, Incident Management, Forensic Readiness, Disaster Recovery (DR) and Business Continuity Planning (BCP), providing supplier security assurance and supporting compliance and audit activities. We can help you specify any security testing and IT Health Check (ITHC) required, arrange for these to be performed by a CREST and/or PCI approved supplier, and help you in undertaking any remediation as necessary. Ongoing security and information assurance support can be provided to a tailored specification, often including:
• Data handling assessments in accordance with the SPF, including governance and culture
• Maturity assessment and implementation against NIST CSF, PRISMA and C2M2
• Data Protection Act (DPA), PECR and GDPR support
• Security incident investigation and information forensics
• ISO 27001 support, including gap analysis and ISMS implementation
• Cyber and security support to the delivery of digital systems
Service scope
- Service constraints
- None
User support
- Email or online ticketing support
- No
- Phone support
- No
- Web chat support
- No
- Support levels
- N/A
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- BSI
- ISO/IEC 27001 accreditation date
- 18/01/2023
- What the ISO/IEC 27001 doesn’t cover
- N/A
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
At Actica Consulting, we are a company that cares about the environment. Our EMS (Environmental Management System) is certified to ISO14001:2015 and we are committed to reducing our already very small environmental footprint. We set annual SMART objectives as part of our commitment to continuously improve our environmental management, enhance environmental performance and reduce pollution.
As stated in our published Carbon Reduction Plan, we are committed to achieving Net Zero no later than 2050 (though we aim to be much faster) and to play our part in keeping the global temperature rise within 1.5 degrees. Our CRP is updated annually to record progress and set targets for the year ahead.
Actions we take include, but are not limited to: establishing environmentally sensitive purchasing policies (buying recycled or long-life products; favouring products derived from natural/sustainable sources) and monitoring the environmental performance of our suppliers; ensuring that all decisions regarding working practices and purchasing take environmental considerations into account. We measure, monitor and minimise our usage of resources and consumables, and our greenhouse gas emissions. We actively look for ways to reduce waste and to recycle, and encourage the use of sustainable modes of transport. We encourage home working and the use of virtual collaboration tools. Finally, we encourage our employees and suppliers to suggest ways to further develop our EMS.
For the provision of these services, we commit to offsetting the carbon footprint for the development of the Actica deliverables and, if requested, will provide certification verifying this action has been completed within a month of project completion. In 2023, Actica offset 5 tCO2e through similar schemes.
Covid-19 recovery
Since the pandemic, Actica has maintained its commitment to its people and to uplifting others by offering employment opportunities and training, and leveraging our high-growth sector to create jobs. In the period from Mar '20 to April '24, we employed 122 new staff members, resulting in a c20% net increase in the number of employees per annum.
Actica undertakes a range of measures to aid with economic recovery from COVID-19 - especially at a local level - including promoting the benefits of staying local and ensuring money is spent supporting local businesses. We support recruitment events away from our SE England base and have recruited staff across the UK, ensuring that they benefit directly from our activity.
At Actica, the health and well-being of our staff comes first. We provide office equipment, and whatever else is needed to ensure the highest level of wellbeing and support to our staff. Where in-person working is required, Actica ensures that client sites meet our high standards for COVID safety. Recognising the importance of mental health, Actica has implemented a support structure which pairs up staff for ‘kitchen chats’; providing social stimulation for a healthy working-life balance.
Actica has fully embraced hybrid working, leveraging video-conferencing and online collaboration tools. We foster a close, remote-working relationship with clients through regular informal video calls. Actica is committed to retaining flexible working for our staff and engages with customers to deliver our services most efficiently - removing unnecessary travel and reducing commuting at peak times. We fully accommodate staff that require special considerations due to shielding, and allocate them specifically to remote working projects.
Tackling economic inequality
Actica is compliant with the processes and procedures contained within the Modern Slavery Act 2015. Our anti-slavery and human trafficking policy applies to all staff, as well as other persons representing Actica in a working capacity. This includes employees at all levels, contractors and suppliers. We are committed to promoting and maintaining the highest possible ethical standards in all of our business activities, and have a zero-tolerance policy towards bribery and corruption. We are committed to acting fairly and with integrity in all of our dealings and relationships. We have implemented and currently enforce an effective system to counter bribery. Our anti-bribery policy provides details of our approach.
Actica are pleased to confirm that all of our staff and associates are paid above the real living wage, in addition to receiving a pay review following every performance review. Furthermore, we hold formal accreditation from the Living Wage Foundation as a living wage employer. In our supply chain of associates, we prefer to work with known and trusted associates with well-established subcontracts and working practices. We do not use zero-hour contracts, and prefer to subcontract based on fixed-price deliverables. We are able to accommodate working both inside and outside of IR35 regulations as needed.
Actica has supported a number of young people to obtain an apprenticeship in Cyber Security.
Equal opportunity
Actica is committed to ensuring fair treatment of all stakeholders in our business from customers to employees. We are a Disability Confident Committed employer (certificate: DCS024208). We believe in equality of opportunity and inclusion, where Actica’s Equality, Diversity and Inclusion policy goes beyond what we are required to do to ensure all contributions are valued and respected. We ensure that in all our activities we promote equality and provide respect to all, irrespective of marital or civil partnership status; having or not having dependants; religion or beliefs; race (including colour, nationality, ethnic or national origin); disability; sex or sexual orientation; age; or pregnancy and maternity. This policy extends beyond our own employees to client personnel, subcontractors, suppliers and potential recruits, and underpins our approach to recruitment of staff and engagement with our supplier base.
We require all of our staff and people within our supply chain to uphold our equality principles. We have effective procedures in place to ensure equal opportunities for all, preventing discrimination, harassment and bullying – fostering a culture which values diversity and inclusion. Our equality and diversity policy provides more details of our approach and a member of the board actively monitors our compliance to the policy to ensure any opportunities for improvements are identified, considered and implemented as needed. Actica is covered by the Modern Slavery Act 2015; our compliance with the processes and procedures contained within the Modern Slavery Act 2015 is set out in our Modern Slavery policy and statement.
Wellbeing
Actica is a company that is committed to supporting the health and wellbeing of our staff, both physically and mentally. We make every effort to ensure that our people are physically comfortable working at home by providing office equipment, and whatever else is needed (subject to individual accessibility requirements). Where in-person working is required, Actica ensures that a client’s site meets our high standards for safety.
Actica knows that mental health is just as important as physical health. Actica has implemented a support structure - which the Directorate promotes - where staff optionally pool their names for ‘kitchen chats’; providing much-needed social stimulation. A Company Director is responsible for the Mental Health services we offer to our employees, which includes overseeing regular communications and awareness campaigns via both virtual and physical means. We have established our Mental Health First Aid team, all of whom have undergone Mental Health First Aid Training with Mental Health England and have communicated their presence and purpose to the company. Additionally, we offer private medical insurance to our staff. This includes full mental health cover which incorporates confidential access to trained counsellors.
Throughout service delivery, we promote a team-culture with regular, collaborative workshops and informal social team video calls, with both Actica and client team members encouraged to join. This is particularly important where individuals are unable to routinely meet and engage with colleagues.
We believe in playing a responsible role in our community and giving back to society. A big part of this is fundraising. We support upReach, a charity committed to supporting undergraduates from lower socio-economic backgrounds to access and sustain top graduate jobs, and SSAFA, the Armed Forces charity. Actica also sponsors the Manchester ‘Look After Yourself’ charitable conference, which supports and celebrates the work of mental health bodies.
Pricing
- Price
- £300 to £1,430 a unit a day
- Discount for educational organisations
- No