Our Security Division
Data Security People is the security division of Data Protection People, and its staff work closely with our Privacy Team. We are a UK-based information security and PCI QSA consultancy, with clients ranging from large football clubs and FTSE100 companies, through to organisations that operate critical infrastructure.
We have completed security engagements throughout Europe and have vast experience within large enterprise compliance programmes.
By building on our experience and listening to the day-to-day challenges of our clients, we aim to deliver world- class security services that enable organisations to build a compliance programme that protects market value and provides an edge on their competition.
Our technical director, Andrew Mason, has written fourteen books on Cisco networking, is a Cisco Certified Internetwork Expert, and leads has grown a number of specialist and successful cyber security consultancies.
Our security practice manager, Thomas Chappelow, is a PCI QSA and senior cyber security consultant. He has worked across the world and has advised clients in many diverse sectors, including oil & gas, defence, government, and financial services. Thomas has also provided technical security evidence for a number of high-profile legal cases and governmental inquiries, including for the Parliamentary Joint Committee on the National Security Strategy’s inquiry, National Security in a Digital World.
In addition to their vast and varied experience, our security team hold qualifications such as CESG (NCSC) Certified Information Assurance Auditor, PCI Qualified Security Assessor, ISACA Certified Information Systems Auditor and Certified Information Security Manager, Certified Information Systems Security Professional, and ISO 27001 Lead Auditor.
We offer the following security services:
- PCI DSS Compliance – scope identification, gap analysis, remediation, and formal QSA services
- ISO 27001 Services – gap analysis, implementation support, and audit services
- NIS Regulations – expert advice on the NIS Cyber Assessment Framework
- Threat & Risk Assessment – cyber and physical threat modeling, provided by CESG Certified Professionals
- Incident Response – on-site security incident and regulator audit support
- Penetration Testing – internal and external penetration testing, from CREST Registered Consultants