International organisation with extremely sensitive data

What was the problem?

This large international organisation possesses a great deal of extremely sensitive data that cannot be allowed to fall into the wrong hands. The client wanted to set up a structured management system for data protection and ultimately be awarded ISO-27001 certification. The level of security was already high, but the company wanted to set up a continuous improvement process whereby the level could be continuously measured and improved in accordance with the plan-do-check-act (PDCA) model.

What was the solution?

The organisation called in PwC’s cyber security experts, who are experienced in both implementation projects and ISO-27001 certification. They started by conducting an extensive risk analysis to determine which information had to be secured at which level. The policies and procedures were amended accordingly. In addition, new and existing policies and procedures from the international organisation were collected, standardised, and combined in a single central management system. All of the relevant stakeholders were actively involved and specific attention was devoted to their many nationalities and their culturally determined, sometimes differing ideas about data protection.

What was the result?

After an extensive project, this large organisation now has a complete overview of the policy and procedures in its data protection management system. The various tasks and their associated responsibilities were established, and an action plan was adopted for the PDCA model. The client is now well prepared for its ISO-27001 certification, which of course will not be issued by PwC.

Contact us

Bram van Tiel

Partner Cybersecurity & Privacy, PwC Netherlands

Tel: +31 (0)62 243 29 62
