3B Data Security on Demand

Complete & Flexible Information Security Support Service.
This new service is designed to assist those organisations without a clear understanding of the risks they face, the threats to their business, systems, data and client relationships. Aimed at organisations that have recognised they need to improve their cyber security and compliance, they need assistance with planning and prioritising what steps to take, guided by an independent team of cyber security experts.

3B Data Security offer a simple plan and flexible service enabling clients to have support across the full range of our expertise, helping to prioritise and assist with “all things cyber related”. This even includes unlimited ad-hoc advice throughout the contract from a relevant security expert.

What gets covered in this service depends entirely on the situation facing your organisation; we tailor the service to meet your specific needs and the context within which you operate. For example, the challenges facing a Retailer differ from those of a Manufacturing or Legal Services company, so why rely on services that attempt to be ‘one size fits all’?
The service typically follows the same methodology for each client, although the support will vary:

• Understanding Client Needs: Information Gathering & Scoping.
• Creating a Plan: Gap Analysis and Evidence Collection.
• Understanding & Prioritising Risk: Remediation & Future Implementation Plan.
• Managing & Reducing Risk: Ongoing Risk Treatment.
• Getting Compliant: Potential certification against a relevant standard (e.g. Cyber Essentials / PCI DSS).

Typical Activies 3B Data Security Consultants Would Deliver

• Develop, maintain and project manage the implementation of the enterprise-wide security strategy.
• Train staff in relevant areas of security & conduct security awareness training.
• Verify & validate your third-party suppliers to protect your business interests.
• Represent the business interests from a security perspective, e.g.
• When tendering for new business.
• When conducting vendor due diligence or when on-boarding new third-party suppliers.
• Input and report into the board, senior leadership teams or the Data Protection Officer on security matters and relevant progress against the ongoing security projects.
• Support the IT department with key security decisions.
• Act as the verification, quality assurance check point to ensure the appropriate security controls are being considered for the benefit of the business.
• Communicate on security, risks, and threats continuously.
• Identify, report and control incidents.
• Monitor risk, threats and take preventative measures.
• Act as an independent security advisor across the business and facilities for a positive security culture.

What Does This Service Include?

• Information Gathering & Scoping Workshop: We will conduct an information gathering and scoping workshop about your organisation’s systems and IT infrastructure.


• A Cyber Security Roadmap: for future cyber security certfications such as Cyber Essentials, Cyber Essentials Plus, IASME Cyber Assured, IASME IoT Assured, GDPR, PCI DSS or ISO 27001 compliance.


• Cyber Essentials Certfication & Assessment: If applicable and when the business is ready, we will conduct a Cyber Essentials assessment of the business.


• Ad-Hoc Cyber Security Advice: on call ready to support you, your staff, and your business; backed up by a team of multi-disciplined cyber security experts to help guide you in the world of cyber security, data protection and compliance.


• A Trusted Security Advisor: that represents the best interests of your business; be this to validate ongoing business processes, verify/validate new technologies and software, conduct vendor due diligence or just be an independent source of advice and reassurance to the business.


• Continuous Dark Web Credentials Monitoring: We will monitor the Dark Web for credentials using your domain addresses and IP addresses. This can provide an early opportunity to amend credentials prior to any attack being attempted. We will also monitor up to 10 personal e-mail addresses in the same way. We will issue monthly reports detailing findings, enabling you the opportunity to take action as required.





• Quarterly Vulnerability Scanning or Approved Scan Vendor (ASV) Scanning: We will conduct quarterly scans of your external environment to highlight vulnerabilities or if you are subject to the PCI DSS, we can perform these as ASV scans on up to 10 IP addresses.


• Microsoft 365 Security Review: A high level MS365 security review will be conducted on one tenant to highlight any initial configuration or remedial items, including an overview summary report.


• Quarterly Review Calls: You will have a dedicated account manager and consultant who reviews your information security posture and position with you on a quarterly basis to assist ongoing projects.


• Monthly Threat Newsletter: We will include you on our Threat Intelligence newsletter.


• Open-Source Threat Assessment: Discover the data that exists on the Internet about you.


• Email Security Assessment: A review including guidance to highlight email security configuration.