INKASEC - helping start-ups, small and medium businesses across the UK, Europe and Middle East.

Technology and data privacy compliance

Technology is a critical business enabler for driving growth, margin and efficiency, but it also presents a pervasive risk that must be understood and managed.

We help startups and small / medium organisations sell their services to clients, especially in the B2B space. Many larger clients expect a certain level of vendor compliance to reduce their third-party risk, so your level of compliance is crucial to your business success.


Our services cover:

  • Gap analysis through implementation against the following regulations and frameworks:
    • Digital Operational Resilience Act (DORA) and NIS2. Additional services are offered by our DORA consultancy arm - check it out
    • UK Data Protection Act, FSA / FCA requirements, PECR
    • EU ENISA guidance, ePR and GDPR
    • US: HIPAA (healthcare), FERPA (education), CCPA (California consumer privacy), SOC 2
    • Singapore PDPA and Data Protection Trustmark
    • International: ISO/IEC 27001 (2013 and 2022 editions), SD-PAC, SOX, PCI DSS, COBIT, Risk IT, Val IT, ITIL
    • and many other local variations
  • Identifying the regulations applicable to your business in privacy, electronic payments, financial reporting and your industry
  • Developing IT risk management strategies and the associated business processes
  • IT audits
  • Developing the governance framework (who does what and why) and the associated policies / standards
  • Implementing and improving business and technological processes to align with policies and standards
  • Software escrow in partnership with a leading global solution provider - Escrow London
  • M&A due diligence - from identifying potential liabilities related to personal data to technological challenges that can significantly delay post-acquisition integration

A number of projects that we've done recently with our clients:

DORA compliance review for a hedge fund.

Workshops, gap analysis, governance development.

Services include:

  • Company-wide ICT risk assessment
  • Development of policies and standards
  • ICT risk management framework
  • Asset management definition
  • Testing framework definition
  • Business Continuity planning

HIPAA compliance for a medical devices startup.

Implementation of the governance and operational processes needed to address the regulatory concerns of the startup's clients ("covered entities").

Service includes:

  • Governance implementation of relevant policies and standards
  • Design of technical controls
  • Implementation of relevant internal processes
  • Awareness training
  • Third-party compliance reviews

NIS2 compliance review.

High-level compliance assessment to scope an engagement project.

Review includes:

  • Company's regulatory requirements
  • Security processes overview
  • Risk definition and process mapping
  • Incident management processes
  • BCP and DR planning
  • Awareness training

ISO 27001:2013 for a large transportation organisation.

Gap analysis, implementation of the relevant processes, successful certification and follow-up audit.

Service includes:

  • Project management
  • Governance implementation of relevant policies and standards
  • Communication and internal user awareness training
  • Process improvement and trend analysis
  • Pre-audit review

ISO 27001:2013 certification for a marketing company.

Certification audit.

Audit includes:

  • Stage I audit, to review the relevant governance
  • Stage II audit, to review the relevant implementation evidence

Risk framework implementation for a social service provider.

Design and implementation of a risk framework to address regulatory requirements.

Service includes:

  • Review of local regulatory requirements (NEN 7510)
  • Creation of a risk matrix
  • Development of the relevant risk assessment processes
  • Development of awareness training
  • Reporting templates and workflows

Data privacy GDPR implementation for a wealth management provider.

Leading wealth solutions provider with more than 6 million monthly visitors.

Solution includes:

  • Roles and responsibilities definition
  • Legal basis identification
  • Privacy policies and standards definition
  • Data subject access rights process implementation
  • Alignment of legal clauses for data processing, including data breach incident management requirements

SaaS escrow solution for an educational provider.

Creation of a fully functional dormant SaaS environment, kept in step with the live service, to support M&A requirements.

Solution stack includes:

  • Fully scripted Terraform deployment of a Kubernetes environment in a different cloud provider
  • Daily updates from the source git repositories
  • Build and deployment of the Docker components
  • Quarterly end-to-end testing and reporting
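The "daily updates from the source git repositories" step is where a dormant escrow environment most often goes wrong: a mirror that silently stops fetching is worth nothing at release time. The script below is an added illustration of that step, not INKASEC's or Escrow London's own tooling; the repository list file, the bare-mirror store layout and the manifest format are assumptions made for the example. It mirrors each source repository into the escrow store, records the HEAD commit of every mirror in a manifest, and then verifies each mirror against the live source so that a stale copy is reported rather than assumed good.

```shell
#!/bin/sh
# Added example (not the page's or any vendor's code): daily mirror of source
# repositories into an escrow store, with a staleness check against the source.
# Assumed inputs: a text file with one repository URL or path per line, a store
# directory for bare mirrors, and a manifest file of "<repo name> <HEAD sha>".
set -eu

# Mirror every repository in $1 into $2 and write the manifest to $3.
escrow_sync() {
    list="$1"; store="$2"; manifest="$3"
    mkdir -p "$store"
    : > "$manifest"
    while IFS= read -r src; do
        [ -n "$src" ] || continue
        name=$(basename "$src" .git)
        dest="$store/$name.git"
        if [ -d "$dest" ]; then
            # Existing mirror: fetch every ref and drop refs deleted upstream
            git -C "$dest" fetch --quiet --prune origin
        else
            # First run: a bare --mirror clone keeps all branches and tags
            git clone --quiet --mirror "$src" "$dest"
        fi
        head=$(git -C "$dest" rev-parse HEAD)
        printf '%s %s\n' "$name" "$head" >> "$manifest"
    done < "$list"
}

# Compare each mirror's HEAD with the live source's HEAD. Prints one STALE line
# per out-of-date mirror and returns 1 if any mirror is stale, 0 otherwise.
escrow_verify() {
    list="$1"; store="$2"; rc=0
    while IFS= read -r src; do
        [ -n "$src" ] || continue
        name=$(basename "$src" .git)
        dest="$store/$name.git"
        live=$(git ls-remote "$src" HEAD | cut -f1)
        mirrored=$(git -C "$dest" rev-parse HEAD)
        if [ "$live" != "$mirrored" ]; then
            echo "STALE $name live=$live mirror=$mirrored"
            rc=1
        fi
    done < "$list"
    return $rc
}

# Usage (e.g. from a daily cron job):
#   sh escrow_sync.sh repos.txt /escrow/store /escrow/manifest.txt
if [ "$#" -eq 3 ]; then
    escrow_sync "$1" "$2" "$3" && escrow_verify "$1" "$2"
fi
```

Running the sync and the verification as one job gives the escrow owner a daily pass/fail signal and a manifest that can be attached to the quarterly test report; a mirror that fails verification on consecutive days is the trigger to investigate before the quarterly end-to-end test finds an environment that cannot be rebuilt.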

SOC 2 preparation for a security startup.

Project management, gap analysis and process improvements ahead of the SOC 2 audit.

Services include:

  • Risk assessment and service criticality definition
  • Governance review and update of policies and standards
  • Pre-audit review
  • Outsourcing a number of operational activities to a third-party support company
  • External penetration testing

Would you like to talk about risk management? Contact us.