Cybersecurity Health Check

A holistic review of a wide range of aspects of cybersecurity in the company, intended to provide company’s management with full transparency on the security posture and cybersecurity risks, covering the company’s systems, products, architecture, policies and processes.

Cybersecurity is recognised in today’s technological era as a strategic business issue. The Cybersecurity Health Check is intended to provide your company with a broad and thorough picture of its current cybersecurity status, laying the foundation for a comprehensive cybersecurity action plan, based on identified risks, allowing your company to demonstrate accountability to regulators and interested parties.

This service will also evaluate your existing security governance and tools against regulatory requirements and identify compliance risks, allowing you to mitigate them by enhancing your cyber security program and avoid regulatory action. This service will provide you with a strategic roadmap and plan for improving your cybersecurity posture and will allow you to make informed decisions regarding allocation of your company’s cyber security resources.

The Cybersecurity Health check is an objective evaluation of your security controls, mechanisms and goals, based on proven best practices which will help you develop an actionable plan for optimising security resources and better manage your company’s security operations. It will provide you with a comprehensive analysis of your company’s business processes, incident-response capabilities, asset-inventory management, and more, creating a snapshot of the effectiveness of your current cyber security measures and your preparedness for managing cyber risks.

This is a required step to build your company’s cyber confidence and assisting you with assessing, managing, planning and transforming your IT and cybersecurity ecosystem. The Cybersecurity Health Check will lay the foundation for a comprehensive cybersecurity program based on prioritisation and risk management across a broad variety of Companys’ domains. We will assist you in prioritising your data assets by risk and identify the largest control gaps to help you focus your security initiatives where they are required most.

  • We will study the businesses activities and processes of the company
  • We will scope the assessment together with you to focus on certain areas, geolocations, or business verticals according to your needs
  • We will conduct a risk assessment focused on detecting gaps in your security program, insufficient controls which could have negative outcomes if they materialise
  • The Cyber Security Health Check often involves in-person interviews and written surveys
  • Based on the results of the assessment, we will provide you with recommendations and initiatives for enhancement of your cybersecurity program

Experienced cybersecurity consultants, applying both business oriented and technical approaches.



  • An executive summary report describing the assessment process and the identified gaps.
  • A comprehensive finding and recommendations detailed report, including actionable initiatives to enhance your company’s cybersecurity posture.
  • A strategic plan and roadmap to support the achievement of your company’s intended cybersecurity improvement.

Data Protection and GDPR Advisory

Protect the personal data you store and process; demonstrate accountability by creating a comprehensive data protection framework, supported by appropriate internal procedures.

The scope of our Data Protection and GDPR consulting services include:

  • Identifying companies’ data protection and GDPR compliance risks and recommending an action plan for remediation, based on industry best practices.
  • Designing required internal processes and complementary documentation
  • Recommending and implementing privacy management technologies, either by using existing tools of the company or privacy solutions available on the market
  • Privacy training for employees and managements.
  • Include privacy by design and by default into company’s processes tools and technologies.

This process is conducted by experienced data protection consultants, some of which served in various DPO positions, having diverse background in information security, risk management, legal and compliance, who work with different industries, and with clients of all sizes, from 20 people start-ups to FTSE 250 companies.


Our team will assist you in identifying all types of personal data processed by your company and create records of all processing applied on such personal data. The company’s data map lays down the basis for recognising compliance requirements relevant to the company, data subject rights applicable to its customers, employees and other individuals, and identify risks which should be mitigated. This is the very basis a company must have to be able to demonstrate accountability. We will also help you create appropriate processes to keep the data map up-to date.


A process that helps companies to identify and minimise the data protection risks of a project, or business activity. Companies must do a DPIA for processing that is likely to result in a high risk to individuals, and major projects, which requires the processing of personal data.


Our team will assist you in auditing compliance by your existing or prospective vendors with privacy and security requirements, for you to comply with your obligations as a data controller.


Internal documents: internal privacy policy, security related policies, data breach policies and procedures, data retention policies, legitimate interest analysis, data subject rights policy, training policy, all tailored per specific characteristics of the industry and processing activities.


  • Data mapping flow charts, diagrams and descriptive spreadsheets
  • Privacy policies and related procedures
  • Records of processing activities
  • Personnel awareness

CISO / DPO as a Service

Quality and professionalism for an affordable cost: CISO/ DPO as a service allows your company to manage its security and privacy challenges according to your specific needs by an experienced professional, without competing on salary prices.

Talented security and privacy experts are difficult to recruit. Outsourcing the CISO/DPO tasks will overcome the recruitment challenge, and on top of it you will only be paying for the KPIs you define, and the results you are seeking. It is a lean solution, flexible according to current needs and cost effective, while having the required governance and compliance effect prescribed by laws and market requirements.

Appointing a DPO is a regulatory requirement under the GDPR for certain businesses, based on their activities. The law allows companies to appoint an external DPO, acknowledging that not all companies require a full time DPO position. DPO as a service will still name a specific individual, dedicated to your company, who will have less conflict of interests with other stakeholders within the company. This individual will also have the backup, support and access to the resources and ecosystem of Cynance, ensuring his quality of service, and extra work force where needed.

CISO/DPO as a service are services designed to assist companies in better managing security costs and effectiveness. We will provide a dedicated professional for one, two or more days per week, who will be handling security and/or data protection related matters.

Will create a road map, which will be designed and approved along with your team and management, and execute it according to an agreed plan and priorities set within the road map.

The appointed CISO/DPO will also manage other security vendors and services providers, optimise their work and costs.

The CISO/DPO will arrive at your location, or work remotely, as agreed and will report to the person named by you. In addition, periodical status meetings will take place to track progress and discuss any required changes to priorities. The CISO/DPO will also be available for urgent matters requiring immediate response and advice.

The CISO/DPO will arrive at your location, or work remotely, as agreed and will report to the person named by you. In addition, periodical status meetings will take place to track progress and discuss any required changes to priorities. The CISO/DPO will also be available for urgent matters requiring immediate response and advice.

When there are important security related tasks and there is no dedicated function who is able to take ownership and deliver them but the company is not yet ready for a full time position or can’t recruit a suitable professional.


  • Secure code review findings report, including an executive summary and a detailed technical findings description
  • Specific recommendations for addressing the discovered security flaws, and enhancement of the security code development process
  • Secure development training, and its collaterals
  • Technical secure development guidelines, focusing on the technologies and development frameworks that are used by the company