Example Projects

GDPR System Assessment 

Multi-Academy Trust Consisting of 14 Primary and Secondary Schools

This Multi-Academy Trust required a review of its current processes and systems across all the constituent schools and the corporate headquarters to identify specific areas of the business that needed to be amended to meet the requirements of the GDPR or Data Protection Act 2018. Interviews were undertaken with key individuals and roles at all schools as well as at the Corporate HQ. Existing processes and procedures were examined for consistency in the way that they were deployed across the Trust as well as for their compliance with the needs of the Act in the following areas:

 

  • Organisation and awareness of the requirements
  • The ability to meet the Lawful Processing elements of the Act
  • Location and management of personal information
  • Security of personal information that was found to be held by the individual Academies

 

The report was accepted by the Trust management and was used to form the basis for a far reaching project to improve the consistency of information management and to ensure that this complied with the Act.

ISO27001 Management System Assessment

Provider of Responsibly Managed Short Term Loans

This organisation requested a comprehensive review of its Information Security Management System, including both the organisation and governance infrastructure and a technical review of its network security. Over a period of 6 weeks we reviewed every aspect of how the organisation organised and ran its information security using the ISO27001: Information Security Management System Standard as the baseline for the review. The review identified areas of weakness and detailed specific improvement actions across the following areas:


  • Governance and organisation
  • Integration and alignment of Information Security with the strategic business planning objectives across all areas
  • Consistency, implementation and management of Information Security Documentation
  • Enhancement of staff training in information related matters
  • The introduction of a consistent incident management process.


The report was accepted in full by the board and all recommendations were implemented as part of a comprehensive upgrade of their information security management regime.

Due Diligence Response for a Security Questionnaire for Government Funding and

Provider of Cloud-Based Language Services to UK Primary Schools

Having developed a radical new and effective assessment tool to support language assessment and development of children in UK Primary Schools, this services provider was asked by the Department for Education, as part of a further funding round, to document its Information Security structure. Due to time and resource pressures on the service provider, Evolve Enterprise Consulting was asked to review the existing arrangements and to both identify any enhancements and to draft the detailed tender response. Over a period of 4 weeks a series of interviews with key staff members were undertaken to gather the necessary information as well as a review of relevant supplier services. The Final document was well received by the Department for Education, allowing the service provider to continue delivering its language service to Reception pupils.  In addition to completing the Due Diligence response a set of Information Security Policies and procedures were drafted and introduced to the organisation to meet the expectations of the the client organisation.

Supplier Assurance Questionnaire Response and Drafting of Key Information Policies in Support of a Government Contract

Manufacturer and Supplier of Equipment and Services for Working with Hi-Tech and Exotic Materials

This highly specialised manufacturer was in the process of tendering for a large new contract with a significant government department when it was asked to provide details and evidence of its approach to Information Security. No formal system for the management of information security was in place at the time, so the organisation asked Evolve Enterprise Consulting to review its current practices and identify where it was deficient against the Government Department's requirements. A short review with the key members of the management team resulted in identifying the need to draft a set of policies and procedures that were required by the contractual terms and conditions of the relationship, and that the organisation did not possess. These were produced and introduced allowing the manufacturer to provide the necessary evidence enabling them to win the contract and receive the right to deliver the expected services.