ProCheckUp is an approved provider of PCI QSA services.
Today’s data protection regulations (GDPR) and standards (PCI-DSS) places organisations under increased pressure to demonstrate how they safeguard personally identifiable information and sensitive data.
For example, article 30 of the GDPR regulation places a legal requirement on organizations to maintain a record of processing activities under their responsibility and make it available to the relevant supervisory authority on request.
The following information needs to be documented within the record:
- The purposes of the processing;
- A description of the categories of data subjects (customers, patients, etc)
- A description of the categories of personal data being processed (financial information, health data, etc)
- The categories of recipients to whom the personal data have been or will be disclosed (suppliers, credit reference agencies, etc)
- Details of recipients in third countries or international organisations
- Where possible, the envisaged time limits for erasure of the different categories of data (how long the data will be kept for)
- Where possible, a general description of the technical and organisational security measures in place (encryption, access controls, etc)
ProCheckUp’ s risk management experts will take you through a data mapping exercise to identify, classify and discover the data in your organisation, whilst assessing your data risk.
ProCheckUp utilises a standard engagement model for all data discovery engagements using a robust, holistic approach consisting of four phases as defined below: -
Identify
This phase helps us define and understand the data types you hold within your organisation. Through a series of interviews and questionnaires with key staff we will identify its location, which business processes handle or store sensitive data and the data types in use.
- What are your data subjects - customers, patents etc.
- What are your data categories - financial, health, business operational or intellectual property?
- What are your data sub categories (or elements)? Name, address, DOB, financial records?
- What format is it in? Emails, forms, letters, spreadsheets, application data or database records?
- What is it used for and how is it processed?
Classify
- How sensitive is the data based on its Confidentiality, Integrity and Availability?
- If lost, does it cause damage to individuals, business operations, or company reputation?
- Rate the data for its sensitivity and determine classification.
Discover
We will work together to discover where your data is stored and confirm who receives and processes it.
- Where is the data stored? Is it on a local device, in a database, in an application, hosted in the cloud, or with a partner?
- Where is the data transmitted and to whom?
- Additionally, with the ability to scan files and data stores, our team can identify stored PCI card data, with the option to expand data discovery to cover GDPR and PECR requirements.
Report
On completion, we will provide you with a data inventory matrix showing your locations, data categories, and sensitivity.
- Generate a comprehensive sensitive data inventory matrix from the information gathered.
- Accompanying report summarising the findings and a way forward, creating a platform for a phrase two risk assessment.
Please contact us for more information on how ProCheckUp Data Discovery Services can help you.
Accreditations
