We nominated one of our senior security consultants, supported by our senior team, to undertake a 12-15-day review. Using the GDPR, PCI and ISO270001 frameworks, a gap analysis was assessed against the current policies, technologies, processes, and documentation to identify any risks and deficiencies.
The gaps were qualified and prioritised, along with an assessment of the necessary actions.
This was completed through data gathering and interviews with employees, key partners and a high-level examination of available documentation.