Andrea (http://www.linkedin.com/in/andreasimmons) is an experienced information governance, risk and compliance (GRC) specialist with expertise in designing and delivering Data Protection/EU General Data Protection Regulation (GDPR), Privacy Impact Assessments (PIA), Freedom of Information (FoI), Information Assurance (IA), Records Management (RM) and Information Security management programmes, training content, strategy and planning. This covers the breadth of both private and public sector compliance requirements including Data Handling, ISO27001, PCI, HMG SPF, CoCo, GCSx etc. She has wide experience in both the private and public sector, both UK and global, implementing compliance programmes and information security management systems (ISMS). As a qualified Psychotherapist and Hypnotherapist, she does all of this within the context of a deep understanding of human factors – and the need for the buy-in of users.
Following the completion of PhD research into the changing landscape of Information Assurance (IA) understanding in the face of the growth of cyber security, Andrea has produced a trademarked framework for bringing all the requirements together, through the deconstruction of organisational silos – www.i3grc.co.uk – i3GRC™, integrated and informed information governance, risk and compliance.