The media is increasingly filled with examples and stories concerning cyber-security, breaches, and the dire consequences experienced by firms who have got it wrong.
Regulation and statute are both addressing the issues and establishing frameworks in which firms should operate, but this is an ongoing process and is often pitched at an abstract level devoid of real-world interpretation.
In addition, regulation is often couched in terms of a proportionate solution with the very real threat that a firm could be found badly wanting after the event.
At a firm level there is still sometimes an IT knowledge gap at the senior management level and a communications gap between IT practitioners and the senior management they serve.
How can senior management be confident that they have correctly:
- identified their IT and cyber threat risks?
- mitigated these risks in a proportionate and ongoing manner?
- verified that this has been accurately communicated to their IT departments or service providers and has been implemented as required?
Complyport offers a cyber-security coordination service to guide firms in fulfilling their regulatory obligations toward cyber-security, including:
- advice on governance, policies and procedures
- Business Continuity Plan (BCP)
- Disaster Recovery (DR) planning and documentation
The service covers education of senior management on their expected roles and responsibilities, levels of engagement and subject awareness.
We will also provide advice and information regarding:
- data risk classification
- retention policies
- personal data security
- privacy requirements
- vendor/supplier due diligence
Complyport offers online employee awareness training in cyber-security through its online ComplyTracker system.
We can also provide, through our partners, cyber-security audits (including penetration testing services) at all levels, and we have strong relationships with firms in the United States to provide complementary services for firms operating under SEC and CFTC regulation.