Cyber Risk & Strategy Development
We were retained by the head of operational technology at a global industrial manufacturing and process automation firm to carry out a cybersecurity best practice review. The review covered 16 business units – covering power generation, transmission, industrial manufacturing, robotics and consumer goods – across 5 countries to better understand where operational and project pressures led to cybersecurity risk.
After presenting the findings internally to all business units we also presented the recommendations with the client at the SANS European ICS Security Summit as a sample of a business-focused approach to cybersecurity.
Manufacturing
Industrial Control Systems Security Review
For a national gas transmission organisation that included elements of critical national infrastructure, we led a risk-based, business and regulatory focused Industrial Control Systems (ICS) security review on several critical assets across multiple countries.
We then performed an actuarial-led cyber risk quantification exercise to determine the full quantum cyber exposure. Lastly, we developed a blueprint of a secure and resilient architecture against industry good practice, such as NIST 800-82 and ISA/IEC 62443 and designed a multi-year investment plan to deliver the secure architecture across dozens of sites.
The plan was presented to the UK regulator and accepted as the basis for a five-year transformation.
Energy & Utilities
Software and data security
A large public sector client retained us to advise on the data protection implications of proposed changes to software. The proposed changes potentially affected the way identity was handled, with scope to impact how historic data was processed.
The scenario required consideration of data protection legislation and the Gender Recognition Act 2004.
Public Services (Government)
Database Use & Operations
Advising on the operation and use of various major complex insurance and healthcare databases, including CUE, MIAFTR, the MID, IFB and IFR – databases of global strategic importance which contain the personal data of millions of data subjects.
We delivered advice that balanced legal compliance, commerciality, and sensitive reputational issues to create a user-friendly model. We provided detailed advice on data protection compliance, web-based use and the drafting, together with the negotiation of Terms of Use to ensure that all stakeholders interests were met.
Insurance and healthcare
Transformational Systems Project
We were retained by a world-renowned university to advise and support on a number of commercial agreements that underpinned its transformational core systems project, with complex IT/Tech provisions.
Other agreements included: Data Management Platform Agreement, Infrastructure and Data Storage Agreement, Publicity/ Event Agreement, Charitable Contribution Agreements, Licensing Agreements, Training Agreements, Publishing Agreements, EULAs, Marketing Agreements, Software Agreements, Framework Agreements and Master Services Agreements.
Public Services (Education)
App Development
Review and negotiation of app development contracts for a leading app development company. One contract example includes Sail GP which produced a next generation app with a world first fan experience for a new global sports league.
The agreement between our client and Sail GP has a global reach and high intellectual property value, and accordingly required extensive and specialist consideration with strong intellectual property protection. The SailGP agreement and work was shortlisted for “Best Innovative Campaign” for world first sport fan experience.
Technology, Media & Telecom