Outsourcing of compliance

Leave A Mark Consulting Group can handle your compliance tasks so you can concentrate on your core business areas.

We have extensive experience with auditing and can handle the entire process until a certification is secured. We have specialists in the following areas: privacy and information security, ISO 27701 / ISO 27701 (GDPR), miscellaneous PCI standards and IT security.

In many cases, we can carry out compliance support remotely, which means a further reduction in cost compared to onsite.

Risk Management

Leave A Mark Consulting Group has extensive experience in developing risk management policies and templates, which can easily be used on a daily basis in the company.

We have expertise throughout the whole process from defining the company's risk appetite, risk analysis incl. DIPA analysis, as well as ongoing follow-up. We typically work based on the risk standards ISO 31000 and ISO 27005, which are internationally recognized risk standards.

By using a light and clear model for risk handling, the company's management is able to quickly make the correct choices based on a risk perspective.  

Managing subcontractors

One of the major challenges is the company's own control and maintenance of subcontractors. Both ISO 27001 and GDPR aim to make sure that one's subcontractors live up to the requirements that the company has set up for them.

Under GDPR you have a data processor agreement that gives the instructions for the data processor, but it is still you as the data owner who has the obligation to ensure that the data processor meets the requirements of the data processor agreement. This can typically be done by requiring documentation in the form of an ISO 27001 certification / ISAE 3000 GDPR statement or a physical check of the data processor.

Leave A Mark can often carry out the control of subcontractors / data processors at an economic advantage.

CISO services

Help with tenders

Need help answering a tender, etc.? Leave A Mark can help with the answers in the areas dealing with information security and GDPR.

In order to be considered for a tender, especially for the public sector, you may often have to document that you meet ISO 27001 or an equivalent standard. It can therefore be sensible to get help from a third party, as this often requires you to know the extent of what is to be documented.

Executive Board consultation

If you need advice about what actions should be taken in relation to information security and what operational risk you face, please do contact us. Leave A Mark has great experience in advising in this area.

We often see that the company's business strategy does not include a strategy for information security, or that the risk appetite wanted for different areas has not been assessed. Both help strengthen and secure the robustness of a business.