ISO 27001, Cyber Essentials Plus, NIS2, DORA, GDPR and data protection governance.
Overview
Information security is the single most scrutinised governance domain in critical national infrastructure (CNI) procurement. If you handle data (customer data, operational data, national infrastructure data), your security posture is evaluated before your capability. Direct Intelligence delivers information security governance as market access infrastructure.
What We Deliver
Cyber Security Capabilities
Statement of Applicability development, risk treatment planning, control implementation across all 93 Annex A controls, and ongoing compliance monitoring. The baseline for institutional trust in data handling.
Extension to ISO 27001 addressing privacy-specific requirements. Relevant for organisations processing personal data under GDPR/UK DPA, particularly in health, finance and government sectors.
UK government-backed cyber security certification. Required for many government contracts and increasingly expected across CNI procurement. Cyber Essentials covers five basic controls. Cyber Essentials Plus adds independent verification.
Service Organisation Control 2 reports. Particularly relevant for data centres, SaaS providers and organisations serving US institutional clients. Trust Services Criteria: security, availability, processing integrity, confidentiality, privacy.
Compliance architecture for data protection regulation. Data mapping, lawful basis assessment, privacy impact assessments (DPIA), Data Protection Officer support, Subject Access Request management, breach response procedures.
Network and Information Systems Directive 2 (NIS2) for critical infrastructure operators in EU corridors. Digital Operational Resilience Act (DORA) for financial services. Both require enhanced security governance, incident reporting and supply chain risk management.
Book an assessment to discuss information security governance, ISO 27001 certification and regulatory compliance for your organisation.