Risk, Compliance, Data Protection & Security

The threats to the security of personal data, financial resources and day to day operations are no longer the concern of only big business and government departments. Perhaps they never were. In any event, charities, membership bodies, campaigning organisations and even grant-making trusts now face real existential risks as a result of global developments in hacking, phishing and ransomware. The not-for-profit sector is as much a target as any – but many managers and staff are still unaware of the problem, never mind the steps needed to protect what are arguably the organisation’s most precious – and vulnerable – resources.

The information security team at Adapta has been working in the sector for many years, helping charities and others put the right compliance and protection measures in place. We are closely familiar with the compliance requirements of the current UK data protection act as well as with the other, related, legal and statutory standards. Our team of consultants brings that knowledge – combined with practical experience of what is appropriate and achievable in the sector – to the particular challenges facing your organisation.

We take a structured approach to risk evaluation and mitigation. We begin by carrying out a thorough information security or data protection review to identify how well your information systems, business processes and staff awareness comply with current data protection legislation and best practice in information security management. We document our findings and recommendations in a report which:

• Summarises our assessment of your current arrangements
• Identifies any areas of non-conformance with the legal, statutory or best practice standards
• Sets out the recommended actions to improve conformance, and the resilience of the systems and processes involved

Following discussion and prioritisation of the findings in the report, we can offer to help implement the organisational or other changes to address any short-comings. Our support in this stage can be purely advisory – or we can provide consultants to draft documents, deliver training or, where required, manage a complete change programme for you.

Our consultants are familiar with the broad cross-section of disciplines involved in risk management – we include specialists in data protection but also in broader information security management, financial control, and business process improvement. Our approach ensures that you benefit from a wealth of knowledge and experience and you can be confident that the key risk areas in your organisation will be identified and addressed.