• Search in Protiviti.com

Data Protection

Protect your Data with confidence

A “check-the-box” approach to compliance will not protect your reputation. Proactive programmes, measures and policies will.

Protiviti helps you confidently maintain and protect your data, wherever it may reside. We help you understand the impacts of data security.

Confidently maintain and protect your data, wherever it lives. Protiviti determines the impacts of data security regulatory and contractual requirements, assesses your alignment and capability to meet those expectations, remediates key processes and technologies, and helps implement changes to achieve and maintain compliance—all while improving your data security posture.

Our approach focuses on three core concepts: identifying and securing your most valuable assets; continuous monitoring; and a structured, fast response to a breach.

Regardless of where your data resides, Protiviti helps you maintain and protect it, and to understand the impacts

Our Data Protection services

Pro Briefcase

Data Identification and Security

Organisations want to know what data matters most. Protiviti’s data protection methodology identifies critical data, implements measures to protect it, and establishes a programme to sustain and maintain data security as data evolves.

 
Pro Building office

Data Security Compliance

No matter the compliance framework (PCI , HITRUST, HIPAA, SOC 2, SWIFT , ISO, NYDFS , FedRAMP, FISMA, CMMC ) we scope your environment, address compliance gaps, and implement policies, procedures and technical solutions to meet any regulatory and contractual obligations.

 
Pro Document Consent

Third-Party Risk Management

Organisations increasingly rely on third parties but struggle to balance the level of investment in securing partners. The most effective TPRM programme are repeatable, quantifiable, and manage more risk per dollar spent.

 
Pro Document Files

Secure Architecture

Securely maintaining technologies, systems, and networks is a challenge most companies face. Whether aligning with compliance requirements or adopting zero trust architecture , we bring skilled expertise to the design and implementation of your security.

 
Pro Document Stack

Cyber Defence and Response

No matter how much you invest in security, incidents happen. Protiviti offers full-service incident response teams that optimise your environment to address dynamic data threats.

 
Pro Legal Briefcase

Cyber Resilience

Ensure your data is available when you need it. Knowing where vulnerabilities lie will help you recover more quickly and minimise customer harm. Protiviti helps you detect, prevent, respond to, recover and learn from operational disruptions.

 

FLASH REPORT

The American Privacy Rights Act of 2024: Could this framework become the data privacy panacea?

On April 8, 2024, U.S. Representative Cathy McMorris Rodgers (R-WA) and U.S. Senator Maria Cantwell (D-WA) announced the American Privacy Rights Act. This act aims to establish a comprehensive set of rules that govern the usage of citizens' data. The...

FLASH REPORT

NIST Releases Version 2.0 of Its Cybersecurity Framework (CSF): What This Means for Your Organisation

On February 26, 2024, The National Institute of Standards and Technology (NIST) released version 2.0 of its updated and widely used Cybersecurity Framework (CSF). This latest edition of the CSF is designed for all audiences, industry sectors and...

INSIGHTS PAPER

How data sovereignty and data localisation impact your privacy programmes

The concepts of data sovereignty and data localisation stem from a desire to keep data within a country’s borders for greater control. While the broad strokes of various privacy laws may be consistent across jurisdictions, governments will dictate...

BLOGS

Metrics’ role in cyber transformation

Metrics’ role in cyber transformation

We’ve all heard the saying, “what gets measured gets done,” meaning that regular measurement and reporting helps to keep organisations focused on the information that matters. But with so many data points available to measure security, it is...

BLOGS

Enhancing cyber capabilities using a threat-driven strategy

Enhancing cyber capabilities using a threat-driven strategy

Senior leaders focused oncybersecurityrecognise there is considerable guidance, best practices, frameworks, regulations and varied opinions on how programmes should design defensive capabilities. In addition, depending on the day, the...

FLASH REPORT

White House Issues Executive Order to “Seize the Promise and Manage the Risks” of AI

In this Flash Report, we summarise the key directives contained in the executive order, address key takeaways and concerns for organisations to consider, and outline steps businesses can take to prepare for changes in the AI regulatory landscape....

BLOGS

The Evolution of Attacker Behavior: 3 Case Studies

The Evolution of Attacker Behavior: 3 Case Studies

This blog post was authored by Mike Ortlieb, Director, Security and Privacy andChris Porter, Associate Director, Security and Privacy onThe Technology Insights Blog. Threat actors are an ever-evolving species. Portrayed in popular...

WHITEPAPER

ISO 27001: 2022 - Key Changes and Approaches to Transition

This article will address the changes and updates to ISO 27001 standard published on October 25, 2022, and the approaches organizations can take to implement the changes introduced. There have been significant advancements in technology, as well as...

The Protiviti advantage

Protiviti provides expert-level data security consulting solutions to FORTUNE 1000® and FORTUNE Global 500® companies across the world. We provide our clients with data security expertise that spans numerous regulations across all industries.

Helping organisations comply with data security requirements is part of our DNA.

PCI : Protiviti is one of the largest and most experienced PCI QSA firms (since 2002) and a two-time member of the PCI SSC’s Global Executive Assessor Roundtable. We frequently present at the Council’s community meetings and partner with global merchants and service providers to aid our clients on their journeys to achieve and maintain PCI certification.

CMMC : Protiviti Government Services is a CMMC-AB Registered Provider Organisation™ (RPO) providing accredited consulting services around the Cybersecurity Maturity Model Certification (CMMC) programme.

HITRUST and SWIFT : We are a HITRUST CSF Assessor and SWIFT CSP and partner with clients seeking to certify compliance.

Leadership

Sam Bassett
Sam Bassett
Sam is the country leader for Singapore. With over 25 years' experience, he's primarily worked in financial services with consulting firms or directly in the banking industry to deliver change and support strategic, tactical, and operation goals across Asia, Europe and ...
Learn More

Cyber Risk Quantification Empowers Multichannel Retail Giant to Improve Risk Management

Protiviti utilised cyber risk quantification to enhance the risk management process of a top 10 North American multichannel retailer.

Get Involved

Case Studies

Situation: This highly-decentralised client had disparate vendor security assessments and governance policies, which led to repeated assessments and a lack of a common view of vendor risk.

Value: Protiviti enabled the client to properly modify a COTS application in six months and build a strong foundation for an employee training module.

Situation: The diagnostic device division of this company needed a third-party partner to conduct a HITRUST certification controls assessment to identify and remediate control gaps.

Value: Protiviti assisted in developing a plan and timeline for HITRUST certification.

Situation: This global brand needed assistance with its payment card industry (PCI) compliance program.

Value: Protiviti’s experience with acquiring banks and merchant compliance initiatives assisted in the development and rollout of this client’s compliance program for key stakeholders.

Situation: This client needed to update policies and procedures, with organisational alignment between the first, second, and third lines of defense.

Value: Protiviti updated the client’s governance and policies to improve risk assessments, increase visibility into the risk profile of critical systems and infrastructure, and challenge existing data security practices to enhance enterprise regulatory compliance.

Loading...