NFOQUE ADVISORY SERVICES UK LTD

GDPR assessment of policies and procedures for cloud data platform

As organisations move their data to the cloud, previous efforts for GDPR compliance will require review. This assessment, delivered by workshops and questionnaire, identifies gaps to policies and procedures which have appeared due to innovation, additional PII, new data types and volumes. The assessment is concluded with a report submission.

Features

• Assessment of leadership and oversight (DPO) for cloud data PII
• Assessment of policies and procedures for cloud data PII
• Assessment of training and awareness for cloud data PII
• Assessment of individuals' rights (DSARs) for cloud data PII
• Assessment of transparency and privacy for cloud data PII
• Assessment of ROPA and lawful basis for cloud data PII
• Assessment of contracts and data sharing for cloud data PII
• Assessment of records management and security for cloud data PII
• Assessment of breach response and monitoring for cloud data PII
• Assessment risks and DPIAs for cloud data PII

Benefits

• Price certainty: based on scope and complexity of cloud PII
• Customer trust: promoting transparency, availability, security, integrity of cloud PII
• ICO guidelines: aiding compliance of policies, procedures and cloud PII
• Risk management: helping close gaps which have appeared since 2018
• Data privacy strategy: provides inputs and insights for roadmap
• Supply chain confidence: business partners more willing to share data
• Better information governance and security: practices will aid ISO27001
• Key deliverable: completed GDPR gap analysis spreadsheet with responses
• Key deliverable: written report with recommendations for GDPR next steps
• Agnostic: valid for Azure, AWS, GCP, Snowflake, Databricks and more

£700 to £800 a unit a day

Service documents

• Pricing document

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at julian.human@nfq.es. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

584718849793711

Contact

Julian Human
07311443699
julian.human@nfq.es

Planning

• Planning service: Yes
• How the planning service works: Moving data to the cloud brings many new opportunities for innovation. Additional data sources, digital services, emerging AI and Machine Learning, and data sharing, are all likely to challenge any existing GDPR compliance which may not have been reviewed since 2018.; ; It is essential that before embarking on or further developing cloud data initiatives, a review of existing GDPR processes and policies takes place to understand new gaps which will appear when cloud data platform is considered.; ; The GDPR assessment will have a fixed price, offering price certainty. The size and scope will depend on:; ; 1. Scope of PII and organisational functions supported by cloud data platform; 2. Availability and collaboration with existing DPO function; 3.Sensitivity of PII, knowledge of data use cases and complexity of cloud data infrastructure; ; The GDPR assessment should be planned beforehand to agree the scope, size and specific objectives. Organisational resources will need to be be made available particularly within the DPO as well as existing GDPR/data privacy documents, artefacts and tools. NWorld would seek to have an initial planning meeting with the requesting organisation.; ; The duration and cost will depend on the factors above, but typical is 8-20 man days.
• Planning service works with specific services: No

Training

• Training service provided: No

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: Where there is personal identifiable information (PII) thought to be moving to the cloud, it is a legal requirement that organizations meet GDPR and the Data Protection Act 2018. Failure to do this or suffering data breaches can lead to large fines and poor publicity.
• Setup or migration service is for specific cloud services: No

Quality assurance and performance testing

• Quality assurance and performance testing service: No

Security testing

• Security services: Yes
• Security services type:
  • Security risk management
  • Cyber security consultancy
  • Security audit services

Ongoing support

• Ongoing support service: No

Service scope

• Service constraints: In a cloud environment, the responsibility for GDPR compliance is usually a shared responsibility between the organisation and the cloud data platform provider. NWorld will provide the assessment, the gap analysis, a compliance roadmap if required and further support to help meet the roadmap (but this is follow-on scope.) The responsibility for compliance is and must remain with the organisation's DPO. NWorld will work as an advisor or trusted friend. NWorld's offering is policy, process and data led - for the cloud. NWorld do not cover the legal aspects or advice of GDPR.

User support

• Email or online ticketing support: No
• Phone support: No
• Web chat support: No
• Support levels: GDPR assessment and on-going advisory services is a consultative arrangement with a fixed/limited duration. Longer term "call off" type engagements can also be arranged on a "time and materials" basis.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: European Quality Assurance Spain, S.L. (EQA España): ISO27001:2017
• ISO/IEC 27001 accreditation date: 03/11/2022
• What the ISO/IEC 27001 doesn’t cover: All operations are covered in all NWorld entities globally
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: ISO27001

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  The GDPR assessment delivered by NWorld will meet the following policy outcome:; ; - Effective stewardship of the environment; ; How? ; ; - The GDPR Assessment engagement can be (mostly) delivered remotely (wfh) using on-line meeting technology, cloud environments and internet. Travel and commuting is eliminated.; ; - NWorld, its clients and business partners recognise the impact of climate change and understand the importance of sustainability. The NWorld Environmental policy is to be a responsible organisation with regard to the protection of the environment.; ; - NWorld is committed to complying with accepted environmental practices, including the commitment to meet or exceed applicable legal and contractual requirements, to strive for continual improvement in our management of the environment, and to minimise the creation of waste and pollution. We will, therefore, manage our processes, our materials and our people in order to reduce the environmental impacts associated with our work.; ; - NWorld adheres to the best practices of the IS0 14001 Environmental Management System (where they are applicable) in order to further enhance our environmental performance. The main objectives are to:; • Investigate the reduction in use of environmentally damaging substances and; processes.; • Reduce, reuse and recycle waste and packaging.; • Improve the efficiency of energy usage

  Covid-19 recovery

  The GDPR assessment delivered by NWorld will meet the following policy outcome:; ; - Help local communities to manage and recover from the impact of COVID-19; ; How?; ; - NWorld continues to support employees through the Covid-19 pandemic recovery by committing to effective and comfortable remote working environments for all employees, clear and reassuring communication on developments relating to the impact of Covid and business continuity, risk assessments, a company furlough scheme, and adoption of digital technologies, all intended to balance business operations and continuity, with staff wellbeing.; ; - NWorld continues to support employees navigate the transition back to the workplace by mitigating risk and aligning with national guidance, such as desk booking in order to maintain a degree of effective social distancing.; ; - GDPR assessment services can be delivered remotely and can be delivered in a way which fits with our client organisation's COVID recovery policies too.

  Tackling economic inequality

  The outcome of the GDPR assessment will help meet the following policy outcome:; ; - Increase supply chain resilience and capacity; ; How? ; ; - Becoming GDPR compliant will help ensure the integrity of PII data being shared in the supply chain. This will help new businesses launch innovative services which rely on reliable data. It will also help partnerships and collaborations between these companies. New technologies will drive down costs whilst making services quicker and more reliable. Companies which have met their responsibilities will be preferred choices for contracts and collaborations.; ; - Create new businesses, new jobs and new skills; ; How?; ; - The innovative services mentioned above and opportunities for data and technology centric supply chains will encourage new jobs, training and up-skilling for employees; - New jobs and new skills investment are based on merit and aptitude. Race, religion, sexuality, age or social/economic background play no part in who NWorld employs or in whom they invest.

  Equal opportunity

  The outcome of the GDPR assessment will help meet the following policy outcome:; ; - Tackle workforce inequality; ; How?; ; - Ensure that current and ex-employees can make Data Subject Requests to make sure PII stored on them is complete and accurate, to opt out of automatic processing (which may be considered discriminatory) or to request to be removed entirely from a database; ; - NWorld retains a diverse workforce where differences are celebrated and valued, and where all employees can confidently work in an environment which promotes dignity and respect. ; - Within NWorld all workers and job applicants are treated equally and given the same set of opportunities regardless of age, disability, gender / gender reassignment, marriage / civil partnership, pregnancy / maternity, race, religion or belief, sex, or sexual orientation (the protected characteristics.) Employees are expected to extend the same rights to clients, without discrimination based on the characteristics outlined above. Policies and procedures are in place to ensure adherence to this conduct, and all employees are made aware of the policies, with HR and management given appropriate responsibility for ensuring that their staff operate within and comply with the policy. Clear processes are in place which enable employees to raise any discrimination or harassment concerns, and have them appropriately addressed. In addition, full account will be taken of any guidance or Codes of Practice issued by the Equality and Human Rights Commission, any Government Departments, and any other statutory bodies. NWorld's equality policy has been agreed with trade unions and/or employee representatives.

  Wellbeing

  NWorld seeks to improve the following policy outcome:; ; - Improve health and wellbeing; ; How?; ; - NWorld has a unique nurturing culture where everyone has a voice and is integral to contributing to the success of the organisation. This culture plays a very important part in NWorld’s success and our employees' overall well-being & job satisfaction.; ; - NWorld benefits include Vitality health scheme membership whereby each employee can track their exercise, steps etc and be rewarded with reduced cost life assurance, cinema, coffee vouchers etc. The health scheme also includes very accessible, free and flexible mental health coaching and treatment, physiotherapy sessions all on-line or face to face.

Pricing

• Price: £700 to £800 a unit a day
• Discount for educational organisations: No

Service documents

• Pricing document

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at julian.human@nfq.es. Tell them what format you need. It will help if you say what assistive technology you use.