Ernst & Young LLP (EY)

Privacy Assessment and Remediation Plan

Service consists of Data Privacy current state assessment, target state definition and remediation. It provides data identification, analysis, relevant business processes and potential weaknesses identification which then is used to assess and enhance the corporate privacy governance.

Features

• Identify relevant assessment areas and other regulatory obligations to consider
• Initial analysis of Company’s current state compared to regulations
• Initial analysis of Company’s current state compared to regulations
• Developed remediation plan and detailed assessment results

Benefits

• Suggested good-fit tools to formalize privacy processes
• Suggested good-fit tools to formalize privacy processes
• Insight to current state maturity against requirements of privacy regulations
• Visibility into current Privacy compliance state
• Informed roadmap with recommendations

£200 to £2,600 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at EYTenders@uk.ey.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

883456623746759

Contact

EY Tenders
+44 (0) 20 7951 2000
EYTenders@uk.ey.com

Planning

• Planning service: Yes
• How the planning service works: EY’s cyber security services support the planning and implementation of cloud solutions.
• Planning service works with specific services: No

Training

• Training service provided: No

Setup and migration

• Setup or migration service available: No

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: Specifically related to the software solution we are helping clients pilot or evaluate, based on defined business and technical requirements.

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
• Certified security testers: Yes
• Security testing certifications:
  • CREST
  • Other
• Other security testing certifications:
  • SANS Incident response
  • SANS Incident response
  • OSCP – Offensive Security Certified Professional
  • Certified Red Team Expert (CRTE)
  • Offensive Security Certified Expert (OSCE)
  • Certified Information Systems Security Professional (CISSP)
  • Offensive Security Wireless Professional (OSWP)
  • Certified Information Systems Auditor (CISA)

Ongoing support

• Ongoing support service: No

Service scope

• Service constraints: EY is a regulated provider of audit services. In the event of conflict with legal or regulatory provisions, EY may not be able to provide services. We will work with you during the proposal stage to identify any such constraints.

User support

• Email or online ticketing support: No
• Phone support: No
• Web chat support: No
• Support levels: NA

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 24/02/2022
• What the ISO/IEC 27001 doesn’t cover: Covers ISMS that covers systems, assets and processes related to all client data that is stored, processed and transferred to EY.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: Yes
• Other security certifications: No

Social Value

• Fighting climate change:

  Fighting climate change

  EY is committed to fighting climate change. Our ethos is to go beyond ‘just working sustainably’ – we continuously work with governments and businesses towards a more sustainable future. We are part of the United Nations Global Compact (UNGC), and our environmental strategy is aligned with the UNGC environmental principles. Our sustainability measures and achievements include: ; •Reducing our carbon footprint: In January 2020, EY announced a global commitment to become carbon neutral. We achieved this in December 2020. We then became carbon negative in 2021 and we are forecast to reach net zero in FY25. We are reducing emissions and offsetting or removing more than the remaining amount annually. We are forecast to reduce emissions by 40% by FY25, against a FY19 baseline, consistent with our 1.5°C Science Based Target.; •Purchasing renewable energy: We have purchased zero-carbon electricity since 2009 and reduced global consumption by 5.5%. In 2019, we phased out natural gas, replacing it with zero-carbon biogas fuel sources. In December 2020, we signed a 10-year power purchase agreement with Lightsource to provide us with solar energy for the next ten years.; •Eliminating waste: We’ve reviewed our waste cycle and are reducing upstream packaging from our supply chain. For downstream waste, we have recycling points in all our offices, clearly labelled for plastics, cardboard, confidential papers, and general waste. We have achieved:; -99.8% of waste diverted from landfill to recycling or reuse.; -Overall waste reduction of 45% since 2015, including 60% in food, 75% in paper and 75% in confidential waste.; -Drop in single-use plastics by 91.3% through our award-winning plastic reduction strategy. This has eliminated 6.5 million disposable coffee cups and 1.2 million packaging items.; -Food waste and coffee grounds from our offices are turned into biofuels and bio-chemicals instead of being sent to landfill.
• Covid-19 recovery:

  Covid-19 recovery

  EY is committed to helping our people and communities to recover from the impact of COVID-19. In response to the pandemic, we moved to a remote working model for over 17,000 UK-based staff, increased special leave and provided meaningful mental health support. ; We have identified young people (aged 18-24) to be disproportionately affected by COVID-19 and have worked closely with our independent charity, the EY Foundation (EYF), to improve social mobility during this time. We converted all EYF activities to a virtual platform to ensure we can still support young people through all our programmes. In 2021, we secured £2.2m in funding for EYF and supported 2,440 young people. Examples of programmes that EYF provides to support COVID-19 recovery include:; •Smart Futures: A 10-month programme for young people eligible for free school meals or a college bursary. The programme develops employability skills and offers a paid, two week work experience payment. Students achieve a Chartered Management Institute (CMI) Level 2 Qualification and receive 10 months of mentoring support.; •Our Future: A six month programme for young people qualifying for free school meals and who face barriers entering the labour market. This programme develops transferable skills, students receive paid work experience, gain a CMI Level 2 adult qualification and six months mentoring support. The students also take part in an ‘Entrepreneurship Day’. For example, they have designed mobile apps looking at solving social issues such as ‘tackling isolation and loneliness in the community’.; •Support via the Neuro-Diverse Centre of Excellence – Through EY’s UK NCoE and our external ecosystem of organisations, we are supporting a team of neurodivergent staff with additional adjustments, above and beyond our existing support, to promote psychological safety in the office and whilst working at home. This helps those who identify with a ‘spikier' profile to thrive.
• Tackling economic inequality:

  Tackling economic inequality

  EY is committed to tackling economic inequality. Through our work with the EY Foundation, we have developed an in-depth understanding of the challenges experienced by those who face barriers to employment and training and/or who are in deprived areas. We are providing new learning and employment opportunities to these populations via EYF programmes, some of which include:; • EY Ripples is our global Corporate Responsibility programme that helps our people use their skills, knowledge and experience to positively impact the lives of 1 billion people by 2030. The focus areas of Ripples are to 'accelerate environmental sustainability', 'support the next generation workforce' and 'work with impact entrepreneurs’. Our staff currently get two days a year each to provide skilled volunteering on EY Ripples activities. ; • Accelerate helps social enterprises to grow and thrive, increasing their impact on local economies and creating social change. It provides in-depth business support and mentoring, with access to skills and training from business coaches, workshops, networking opportunities and 35 hours of pro-bono support.; • Employability Workshops provide Year 10/11 students the opportunity to build knowledge of careers and develop soft skills within a business environment. Each workshop introduces 25-35 young people to a range of careers, employability skills training, and employer connections. ; • Driving recruitment and employment via the NCoE – The Neurodivergent community can be underrepresented in the workforce, with only 29% of autistic adults in employment according to the ONS. We are advising clients on new strategies to attract and retain neurodiverse talent.
• Equal opportunity:

  Equal opportunity

  EY is committed to creating a diverse and inclusive working environment in which all people have equal and equitable opportunities to succeed. We continually collect, analyse and review diversity monitoring data (diversity characteristics, not limited to the protected ones in the Equality Act) across the employee lifecycle, to create initiatives and understand which ones are working. For example, we: ; •Voluntarily exceed statutory reporting obligations. Our annual UK&I Pay Gap Report has reported on gender, ethnicity, sexual orientation, and disability pay gaps since 2017. ; •Use skills-based recruitment for graduates and have eliminated minimum degree/A-Level requirements to remove barriers to entry. ; •Run award-winning sponsorship programmes to build our leadership pipeline, helping our women and ethnic minority population progress. ; •Providing equal access to project opportunities, using technology to ‘blindly’ match individuals to roles based solely on skills, experience, and availability. ; •Introduced an Inclusion & Belonging Badge to develop staff skills to establish inclusive, open, and safe environments.; •Ranked as one of the UK's Top 100 employers for LGBT people in Stonewall UK’s annual Workplace Equality Index.; •Created the National Equality Standards (NES), a set of standards by which businesses can measure their equality and diversity policies and performance. The NES provides a list of standards and competencies which organisations can follow and embed to promote diversity and act as standard bearers for a more inclusive working world.; •Set up a UK Neuro-Diverse Centre of Excellence (NCoE) to ramp up recruitment of people who identify with cognitive differences and who may have had challenges gaining employment. We will recruit up to 150 neurodivergent individuals into NCoE over the next three years, to fuel technology innovation with creative diverse thinking. The NCoE environment provides additional adjustments for those with cognitive differences such as autism, ADHD, Dyslexia, and others.
• Wellbeing:

  Wellbeing

  EY is committed to enabling our staff to be healthy and fully engaged to support our goal of building a better working world and deliver an exceptional client experience. We have a long-established programme called HealthEY, which looks to understand and provide practical support for employees’ mental, physical, financial, and social wellbeing. Our offering is comprehensive and aspects such as our domestic abuse support, health knowledge programme and financial wellness offerings are considered market leading. We support wellbeing for our people, clients, and communities in the following ways:; • Health knowledge and prevention: Enhancing understanding so staff can be at their best, for example: a monthly webinar programme, eLibrary, newsletters and WellPoint kiosks (to regularly help staff self-assess their own health metrics).; • Health Services: Ensuring we have the right health services and pathways in place to support employees in times of need, for example: occupational health, office treatments, and digital doctor.; • Mental health support: Our approach called ‘Thinking Differently’ aims to educate and build awareness of mental health and wellness, including stories/videos, a specific psychological care pathway (plus psychiatric fast track treatment through Aviva), mental health first aid, employee counselling, and Mental Health Network; • Supporting neuro-diverse requirements: Though the NCoE, we are creating psychologically safe working environments for existing employees, new recruits, clients, and where possible, our local communities. For example, we have introduced an adapted four step recruitment process culminating in a four day ‘superweek’ work simulation which provides the opportunity to experience a working day and EY culture. This allows us to understand candidates’ needs and inform on adjustments that we may need to make to help them thrive at EY.

Pricing

• Price: £200 to £2,600 a unit a day
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at EYTenders@uk.ey.com. Tell them what format you need. It will help if you say what assistive technology you use.