Senior Partner
CurrentAs an accredited IBITGQ data protection implementer and auditor, I apply best practices to formula a holistic data protection programme, proportionate to the organisation and the assets to be safeguarded. Starting with risk management and governance, I apply best practices using the NIST Risk Management Framework, SP 800-37 Rev 2 or ISO/IEC 27005 to measure inherent risk (current risk) across personnel, practices, platforms and partners/suppliers. By analysing and measuring risk, I… Show more As an accredited IBITGQ data protection implementer and auditor, I apply best practices to formula a holistic data protection programme, proportionate to the organisation and the assets to be safeguarded. Starting with risk management and governance, I apply best practices using the NIST Risk Management Framework, SP 800-37 Rev 2 or ISO/IEC 27005 to measure inherent risk (current risk) across personnel, practices, platforms and partners/suppliers. By analysing and measuring risk, I recommend administrative practices, technical measures, physical safeguards, and legal mechanisms to protect assets, lowering risk to a residual level to align with an organisation’s risk appetite. Doing this also helps entities meet contractual obligations and statutory requirements. Show less