Data security
Protecting systems and data demands constant attention. Inadequate security can lead to unauthorised access to or disclosure of data or it may allow criminals to seriously disrupt business processes. On top of that, supervisory authorities and society in general are increasingly demanding evidence and accountability when it comes to information security and privacy protection. Our specialists at Baker Tilly IT Advisory can give you insight, control over and assurance about your data protection. We can help you assess the impact of relevant technological innovations in terms of security risks, and give you the insight you need.
Policy and risk analysis
Your organisation wants to identify and control IT risks, while at the same time complying with IT and data protection legislation. We can help you to clarify the IT risks you face in your specific situation, identify the measures already taken and draw up a plan and policy. This will give you an up-to-date risk inventory and information security policy that you can use for strategic execution and external accountability.
We don't stop at policy recommendations. Once you have them, we can guide the implementation every step of the way: developing the plans in greater detail, discussing progress periodically, making suggestions and monitoring the quality of the implementation. Because our experience covers auditing, consulting and HR matters, we are ideally placed to guide you towards achieving your policy objectives.
Baseline measurement and advice
Would you like to know to what extent your organisation currently complies with data protection requirements, without necessarily having to undergo a detailed audit? We can give you valuable insights into the quality of your information security and management system by carrying out compact and practical baseline assessments. We have created a tool based on security frameworks, which you can use to document the measurement process in a structured and transparent way. For this we use the security frameworks that apply to your organisation, such as NEN-ISO 27001 and 27002, NEN 7510 for the healthcare sector and the government information security baseline for the public sector. This produces a well-defined framework and plan for enhancing security and meeting business objectives.
Because we combine audit and consultancy experience in our baseline assessments, we can provide substantive and practical advice on complying with the applicable frameworks, for instance in the form of an information security plan. At Baker Tilly, we always set up a process and system that allows you to implement the applicable set of standards and the relevant GDPR privacy legislation on the basis of risk assessments, and to secure them through a management system. We also perform the baseline assessment in collaboration with you, to ensure that the organisation takes ownership of the outcomes.
A baseline measurement gives you a clear understanding of your current situation, along with specific advice on how to start meeting the framework requirements that have not yet been met. Once you have our recommendations, we can provide further guidance in the implementation, for instance by providing templates and practical examples, discussing progress periodically, making suggestions and monitoring the quality of the implementation.
Privacy consultancy services
Due to privacy legislation and operational and reputational risks, it is important to store your privacy-sensitive data securely. The first step is to understand how well your organisation complies with the requirements of privacy legislation. We carry out a baseline measurement for your organisation to determine whether your privacy protection measures are adequate. We can then determine the extent to which the measures in place need to be adapted to comply with the legislation. In the process, we contribute knowledge about data flows and systems and about the requirements of the GDPR.
For this, we use up-to-date and practical frameworks such as the privacy control framework of our professional organisation, the Dutch Association of Registered EDP Auditors (NOREA). We have developed a measurement tool based on legislation frameworks, which you can use to detail the measurement process in a structured and transparent way. Based on the assessment, we can create a plan for improvements together, including a system for monitoring your improvements. We can help with the implementation of the well-defined improvement plan too. Because our experts combine auditing, consultancy and HR experience, we are ideally placed to work out a good approach for conducting internal reviews and audits.
Cybersecurity
Many entrepreneurs are unaware of the cyber risks their organisation is exposed to, because IT configuration and maintenance are often outsourced. That makes it easy for people, whether your own staff or the service provider’s, to make minor mistakes: changes and updates that have not been applied, system settings that are consequently left unsecured, or other preventable problems. At the same time, criminal networks and geopolitical adversaries are getting much better at carrying out cyberattacks.
Even if you think your system is properly protected and have taken the necessary measures, a vulnerability test is a good way to assess whether your network and applications are actually secure. Baker Tilly’s vulnerability scan is a compact scan that identifies potential vulnerabilities in your external and internal IT systems. The approach is simpler and more affordable than extensive hacking and penetration testing. It can be purchased on a one-off basis or as a subscription in the form of a periodic scan. The scan is automated: we use specialised software that checks for vulnerabilities in your network and systems, naturally in close consultation with your suppliers and internal experts.
Reporting
We provide clear, readable reports with insights you can act on. In addition, we can provide a technical report that you can use to give your suppliers suggestions and advice on how to address the underlying vulnerabilities. The results of our vulnerability scan help you to address the risks in good time. This in turn makes your environment safer, and you can rest assured that your data protection is properly set up.
Assistance with certifications
If you want to demonstrate the quality of your information security to your stakeholders through ISO and other certifications, we can assist you with setting up and preparing for these certifications. We are familiar with the guidelines and we can apply them as appropriately as possible in line with your situation. Because we know how certification authorities work, we can ensure you are as prepared as you can be for the certification audit.
The advantage of getting ISO certified as an organisation, on the one hand, is that it means you always meet the requirements of any customers, clients or tender processes. Getting certified is increasingly becoming a minimum requirement for clients. On the other hand, certification also benefits your own organisation: after all, you and your employees have demonstrated that you are capable of evaluating and improving processes, products and services on an ongoing basis. It goes without saying that your own operations stand to benefit from this.
Customer story
If you’re interested in what data protection actually means in practice, read our client story about the vulnerability scan we carried out at SDW.