Case Study – Manufacturing

By: Jezz Gobran | September 28, 2018 | Tags: Case Studies, Manufacturing

Background

A manufacturing company that sells its products predominantly in the UK but has consultants and buyers across the globe. They had been introduced to i-Secured via their IT provider. As a company their headquarters headcount is circa 75 with turnover of £40 Million.

The initial enquiry was around the change in data protection law, and although they didn't think much needed to be done, they felt it needed to be reviewed. Our initial piece of work was to look at the gaps between what they did from a data protection standpoint and what was required under the General Data Protection Regulation (GDPR).

What were we asked to do?

Having successfully completed the first engagement and reviewed their current position, we had put together a plan of action to get them where they needed to be. One of the first points was to conduct an information risk assessment, looking at the threats to their business through their information and what the likely impact would be.

What we found

Having already worked with them and having a good understanding of the personalities and politics of the leadership team, we were expecting a challenging session in getting consensus on what the probability of incidents was, and the likely impact should they come to fruition. What we all knew going into the assessment was that their IT was in great shape from a security standpoint and their main customer CRM was well locked down.

We found that during the process the clashes we were expecting didn't happen, and the feedback we had demonstrated that our clear and simple approach highlighted in plain English what the problems were, why, and what could be done.

Their biggest challenge

- Multiple CRM systems which didn't sync with each other.
- Their main CRM, where access was controlled very well and without any threat of data loss or theft.
- The secondary system, which had little or no access control and could be equally detrimental.
- Certain files (highly sensitive from a commercial standpoint) which they had assumed were well controlled with very limited access were in fact accessible to anyone, both in paper and soft copy form, with no idea of who had accessed them and what had been done with the information.
- Their shared drive had become almost uncontrollable with the amount of information saved, no deletion/retention policy, and personal as well as commercial data (some of a sensitive nature).
- No clear structure of guidelines.

The outcome

As a team they were quick to come up with workable solutions, most of which were inexpensive and in the main wouldn't take too much time to execute. It did highlight several issues that they were not aware of and would not have given a second thought had they not gone through this process.

As a team they are now much clearer on what risks they are willing to accept and have found a way to harmoniously manage a critical and significant factor in running a successful and growing business.