CyberaaS

Our Solutions

The Solution to Your Headache

At AI-CyberPriv, we offer several solutions to make your life a whole lot easier. These include:

Cyber Security as a Service (CyberaaS)

'Privacy as a Service' (PaaS)

Clients will be able to subscribe to a mixture of the data protection / privacy services outlined below under the ‘Privacy as a Service’ (PaaS) heading – please speak to a consultant for more information on this offering and we’d be more than happy to prepare a bespoke service offering and quote for you.

Virtual Chief Privacy Officer (vCPO)

A vCPO directs a company’s data privacy strategy, helping to steer the business through the complex array of different data protection regulations that might affect the organisation concerned.

As your vCPO we will help your business to look for ways in which privacy can add value to the business, using it in a positive way to help gain a competitive advantage. The vCPO’s duties typically include:

  • Providing strategic steer on all things data protection / privacy related.
  • Keeping on top of the latest developments on the evolving data privacy landscape.
  • Guiding privacy policies, processes, governance, and compliance.
  • Managing, monitoring, and continually improving data protection measures.
  • Driving privacy awareness within the organisation.
  • Liaising with regulators and the media in relation to privacy matters.
  • Helping to develop and maintain trust with privacy conscious consumers.

Virtual Data Protection Officer (vDPO)

We will register and act as the vDPO for the business by performing the roles and responsibilities assigned to us under Article 39 of the GDPR, e.g.:

  • Overseeing the establishment and maintenance of the personal data processing register (the so-called Article 30 record of processing [ROPA]) – GDPR Article 39(1)(a).
  • Advising on the necessity for a DPIA, the manner of its implementation and outcomes – GDPR Article 39(1)(c).
  • Providing guidance and support on data breach monitoring, management and reporting – Article 39(1)(a).
  • Serving as the point of contact for data protection authorities (DPAs) and Data Subjects in relation to all relevant data protection issues – Article 39(1)(d) and (e).
  • Providing advice and guidance on how to manage and respond to privacy rights requests from individuals (information, access, rectification, objection, erasure, data portability) – Article 38(4).
  • Facilitating GDPR awareness training and the training of staff involved in data processing operations.
  • Monitoring compliance with the GDPR – Article 39(1)(b).
  • Spearheading and project managing the GDPR compliance programme for the business, including attending / heading steering committee meetings, etc.

Virtual Privacy Officer (vPO)

Providing support to the vCPO and / or vDPO on all privacy related issues, including helping to run and manage the privacy compliance project / plan for the business.

Virtual Cyber Security & Privacy Lawyer (vCSPL) 

Providing independent legal advice and support to the client and/or vCPO and/or vDPO so the client doesn’t need to consult with (costly) external lawyers.

The benefit of engaging a vCSPL is that there won’t be any need to sign separate engagement letters with external lawyers or to keep briefing new lawyers as the vCSPL will have access to the client and direct lines of contact (with a system of Chinese walls being implemented internally to avoid any conflicts) with the vCPO and/or vDPO.

EU Representative Services

Under this annual subscription service, we will serve as your EU representative under Article 27 of the EU GDPR via our network of carefully selected associates.

As your EU Rep, we will:

  • Act as your local point of contact for any data subjects / supervisory authorities (SAs) in relation to all matters relating to your data processing activities;
  • Register with all relevant local SAs and regulators – as required;
  • Store a copy of and maintain a record of your processing activities (ROPA) as required under Article 30 of the EU GDPR and make said ROPA available to any relevant supervisory authorities; and
  • Liaise with supervisory authorities on your behalf where required.
  • We can also act as your UK Representative if required.

'CISO as a Service' (CISOaaS)

We know that a full-time security leader can be expensive and time consuming to recruit. We can provide an experienced vCISO who has the technical expertise and business acumen to make an immediate difference to your security posture.

Our people have a rich background of experience to draw upon that spans a variety of industry sectors including – Finance, Central Government, Defence, Pharmaceutical and Retail.

Whether you need support in securing your IT environment, organising and governing security, improving how you manage security incidents or you simply don’t know – we can adapt to your needs and support your requirements.

Virtual Chief Information Security Officer (vCISO)

A vCISO will:

  • Provide your organisation with an Information Security Risk Assessment to articulate the cyber security threats facing your organisation and its assets.
  • Deliver a business aligned, Information Security Strategy and Security Target Operating Model bespoke for your organisation.
  • Provide your organisation with a current state assessment of your current IT Security capabilities and provide you with a prioritised transformation roadmap of where improvements to people, processes and technology should be made.

This will factor in:

  • The current threat landscape for your industry sector.
  • Existing risks known to the organisation.
  • Regulatory, legislative & contractual requirements of your organisation.

The vCISO will provide ongoing governance for the outlined changes to help ensure the benefits are realised.

  • Deliver ongoing security presence and support to leadership teams and delivery programmes. Security thought leadership and consideration is continuously provided to guide your organisation through any existing IT change/transformation that’s underway.
  • Provide oversight and leadership for ongoing security risks, escalations and incidents to ensure that they are managed to prevent unacceptable losses to your organisation.

Typical vCISO duties that we provide are:

  • Strategy:
    • Deliver a business aligned, Information Security Strategy and Security Target Operating Model bespoke for your organisation.
  • Assessment:
    • Provide your business with an Information Security Risk Assessment to articulate the cyber security threats facing your business and its assets. This includes:
      • The current threat landscape for your industry sector.
      • Existing risks known to the business.
      • Regulatory, legislative & contractual requirements of your business.
  • Improvement:
    • Provide your business with a prioritised transformation roadmap of where key improvements to people, processes and technology can be made.
    • Support in preparing the business case and securing funding.
  • Oversight:
    • The vCISO will provide ongoing governance and support for the delivery of any proposed improvements to ensure the benefits are realised for your business.
    • Provide ongoing security leadership and presence. Guide your business through any ongoing IT or security transformations that are underway.
    • Act as a point of contact for security risks, escalations and incidents to help ensure that they are managed effectively.

Cyber Essentials and IASME Governance Standards Assessments – which includes an assessment of ‘GDPR Readiness’

The GDPR provides for two processes under which organisations can demonstrate that their processing of personal data is compliant with data protection laws (thereby satisfying the accountability requirement under the GDPR), these are:

  1. Codes of Conduct; and
  2. Certification Schemes.

Until recently, organisations have been unable to rely on the above processes because the administrative framework for gaining the requisite approval from the UK Information Commissioner (ICO) of a proposed code or scheme wasn’t ready.

However, since 27 February 2020, it’s been possible for UK organisations to submit their proposals for a GDPR code of conduct or certification scheme criteria to the ICO for approval. This process is both time consuming and expensive, so the next best thing is to focus on demonstrating compliance with other recognised data protection / cyber security standards, e.g. the UK’s Cyber Essentials and IASME Governance Standards (which include an assessment of GDPR requirements). These are an affordable and achievable alternative to trying to evidence compliance with other international standards, e.g. ISO/IEC 27001.

We can help your organisation with the IASME Governance Self-Assessment which assesses your compliance with the Cyber Essentials scheme and your GDPR readiness. Once we’ve completed the assessment, your organisation should receive a certificate confirming your Cyber Essentials certification and your business would also be able to use the IASME ‘Governance with GDPR logo’ to demonstrate to your customers, and employees, that you take the protection of their valuable personal data seriously.

We can also help you to obtain any other relevant industry specific certifications, e.g. Cyber Essentials Plus, ISO/IEC 27001, BS 10012, etc.

Trust a group of experts to help you with your Cyber Security, Data Protection, AI/ML legal, risk and compliance needs. Trust AI-CyberPriv!
