Data Privacy & Cyber Risk Advisory

Ankura develops, implements, and executes Third Party Risk Management Programs. This includes the development of workflows, assistance with inventorying and categorizing third parties, and the development of cybersecurity and privacy assessment forms and review protocols. Once the vendor due diligence program has been implemented, Ankura can manage the process on behalf of our clients. Ankura also can perform ad-hoc assessments on high-risk vendors to identify risk to the client.

We provide seasoned and certified cybersecurity and privacy leaders, many of whom are former security officers, on an interim or fractional basis to manage cybersecurity and data privacy risks and cost-effectively address the data protection needs of our clients.

We provide independent expert assessments of our client’s environments to support compliance and audit readiness for many of the most pervasive standards and regulations for cybersecurity and data privacy. Such assessments are then utilized to develop long-term roadmaps and project plans to address any risks or gaps.

Ankura works with a variety of cybersecurity and privacy management solutions to enable the implementation of an effective and efficient cybersecurity and/or privacy program. This includes working with privacy-enabling technology and cybersecurity technology such as Identity & Access Management (IAM), Data Loss Prevention (DLP), and Endpoint Detection & Response (EDR).

Ankura develops records retention policies, and retention schedules, and then supports organizations with the implementation of an effective data minimization program. These projects can be tailored to focus on specific high-risk repositories or for data minimization processes which are then leveraged by client-side system owners.

Ankura works with its clients to plan, build, and test resiliency within its organization across the enterprise and its critical systems and assets – including hands on technical testing as well as procedural and process reviews as tabletop exercises.

Ankura’s comprehensive offensive security services involve thorough evaluations of digital infrastructures. Our services encompass penetration testing, social engineering, and purple/red teaming. All of these services are designed to replicate real-world attack scenarios for vulnerability identification with the intent of maturing the organization’s security program. The resulting insights provide practical suggestions to bolster defenses and enhance overall cybersecurity posture.

Ankura provides data mapping/data inventory services along with privacy impact assessment implementation to meet regulatory requirements and serve as a building block for future data privacy modernization efforts. 

We provide cookie/pixel identification and quantification on current websites and prior versions of websites using digital archive tools. Ankura will review the configuration of pixels to assess the likelihood of personal data collection via review of tag managers or other relevant business manager accounts. We will advise outside counsel, corporate marketing teams, and in-house counsel on the technicalities of cookies, pixels, and other tracking technologies on both websites and mobile applications.

Ankura supports organizations and investment firms as they execute mergers and acquisitions. From performing the initial cybersecurity, IT, and privacy due diligence pre-acquisition, to managing remediation items post-close, Ankura can support cybersecurity and data privacy operations through the entire deal lifecycle.

Ankura’s tailored solution to secure clients’ cloud environment and to address any regulatory and compliance needs. Our solutions range from helping clients build compliance programs for FedRAMP, International Organization for Standardization (ISO), Service Organization Control Type 2 (SOC2), Health Insurance Portability and Accountability Act (HIPAA) etc. to identifying security misconfigurations, securing workloads, and securely managing Continuous Integration (CI)/ Continuous Delivery Continuous Delivery (CD) pipelines.

Ankura works with clients to develop and expand their cybersecurity and data privacy documentation. This includes privacy notices, overarching cybersecurity policies, technical Standard Operating Procedures (SOPS) for access management, data management, etc., and response policies such as Incident Response and Business Continuity Plans. We will also then work with our clients to operationalize such policies and procedures.