Professional Services Security

Compliance & Regulation

Essential Reading

Cyber Essentials for Professional Services

NCSC: 80% of common cyber attacks prevented by the five Cyber Essentials controls.

ISO 27001 for Consultancies

ISO 27001 certification covers 93 controls across 4 themes — organisations, people, physical, and technology.

GDPR for Professional Services

ICO 2023: Professional services ranked in the top five sectors for reported data breaches.

Further Reading

SOC 2 for UK Professional Services Firms

SOC 2 Type II reports cover a minimum 6-month observation period — plan at least 12 months from start to report.

IR35 and Data Security

Professional services contractors handling client personal data must comply with UK GDPR regardless of IR35 status.

Book a discovery call