
IT Governance, Risk Management & Compliance

IT governance is an integral part of the overall organisation’s governance. Risk Imperium will ensure that IT governance provides a structure for aligning IT/Cyber strategy with business strategy for your organization. By following a formal framework, your organisation can produce measurable results towards achieving your strategic goals. Risk Imperium takes you through a formal program that takes stakeholders' interests into account, as well as the needs of staff and the processes they follow.

  • Risk Management Services

    Risk Imperium’s primary goal is to assist organisations in balancing the operational and economic costs of protective measures and achieving gains in mission capability by protecting their IT systems and data. Risk management enables an organisation to....

  • IT Security Policies, Standards & Procedures

    Risk Imperium can assist your organisation in analysing existing security policies, standards, guidelines and procedures, and in developing new ones.

  • Gap Analysis

    Risk Imperium can conduct an information security gap analysis for your organisation, comparing your security program against overall best security practices.

  • Compliance

    Across the different sectors, organisations have a legal requirement to adhere to regulatory requirements. Compliance management is of significant importance in any industry.

  • Data Protection Impact Assessment (DPIA)

A Data Protection Impact Assessment (DPIA) is a process to help you identify and minimise the data protection risks of a project. You must do a DPIA for data processing that is likely to result in a high risk to individuals. This includes some specified types of processing. It is also good practice to do a DPIA for any other major project which requires the processing of personal data.
Risk Imperium will provide a DPIA review service to your organisation for projects involving personally identifiable data.

  • Your DPIA must:
    • describe the nature, scope, context and purposes of the processing;
    • assess necessity, proportionality and compliance measures;
    • identify and assess risks to individuals; and
    • identify any additional measures to mitigate those risks.

  • To assess the level of risk, you must consider both the likelihood and the severity of any impact on individuals. High risk could result from either a high probability of some harm, or a lower possibility of serious harm.
  • You should consult your data protection officer (if you have one) and, where appropriate, individuals and relevant experts. Any processors may also need to assist you.
  • If you identify a high risk that you cannot mitigate, you must consult the ICO before starting the processing.
  • If you are processing for law-enforcement purposes, you should read this alongside the Guide to Law Enforcement Processing.
  • The ICO will give written advice within eight weeks, or 14 weeks in complex cases. If appropriate, the ICO may issue a formal warning not to process the data, or ban the processing altogether.
  • DPIA awareness checklist
    • We provide training so that your staff understand the need to consider a DPIA at the early stages of any plan involving personal data.
    • Your existing policies, processes and procedures include references to DPIA requirements.
    • We help your staff understand the types of processing that require a DPIA, and use the screening checklist to identify the need for a DPIA, where necessary.
    • We will create and document a DPIA process for your organisation.
    • We provide training for relevant staff on how to carry out a DPIA.

Data Protection & UK GDPR

The GDPR has been retained in UK law as the UK GDPR and will continue to be read alongside the Data Protection Act 2018, with technical amendments to ensure it can function in UK law.
Risk Imperium will help your organisation understand the data protection requirements and translate them into business-as-usual operations through policies, standards and procedures.

Subject Access Requests

You have the right to ask an organisation whether or not they are using or storing your personal information. You can also ask them for copies of your personal information, verbally or in writing.
This is called the right of access and is commonly known as making a subject access request or SAR. Risk Imperium offers a SAR service to help organisations fulfil SARs.

  • Why make a subject access request?

You can make a subject access request to find out:

  • What personal information an organisation holds about you;
  • How they are using it;
  • Who they are sharing it with; and
  • Where they got your data from.

Freedom of Information (FOI)

The Freedom of Information Act, Environmental Information Regulations and INSPIRE Regulations give you rights to access official information.

Under the Freedom of Information Act and the Environmental Information Regulations you have a right to request any recorded information held by a public authority, such as a government department, local council, or state school. Environmental information requests can also be made to certain non-public bodies carrying out a public function.
Risk Imperium offers an FOI service to help organisations fulfil FOI requests.