CWCS Compliance Preparations


EU General Data Protection Regulation (GDPR)
CWCS Compliance Preparations

CWCS Managed Hosting began GDPR compliance preparations in Q2 2017 and will be fully compliant by 25th May 2018 when the regulations come into force.

Our preparations have involved significant investments in specialist legal advice, independent third party auditors, and data protection experts to assist with our responsibilities, risk assessments, gap analysis and data flow mapping.

International Organisation for Standardisation (ISO)

With our ISO/IEC 27001:2013 (ISO 27001) we can evidence that best practice for data security is being followed, that out processes are regularly updated as part of continual service improvements, and that we maintain a structured and comprehensive Information Security Management System (ISMS).

Being ISO 27001 compliant requires us to successfully complete external audits that show we have controls to manage, monitor, and improve our security systems. We have systems and processes in place to managed access control, physical security, personnel, information handling, business continuity, and incident management.


Demonstrating Compliance

Undertaken in Q4 2017, our successful ISO 27001 audit also included our ISO 9001:2015 (ISO 9001) accreditation. These globally recognised standards combined, create an integrated management system (IMS), assuring security and quality management processes are in place.

Integration of the GDPR compliance preparations with ISO 27001 and ISO 9001 means we have the appropriate tools and techniques to prevent, identify, and respond to data security incidents or breaches.

Because of the work we have already undertaken to be ISO 27001 and PCI DSS compliant we are confident we already uphold the standards that will form the basis for GDPR.


GDPR compliance has no governing body such as ISO, where you are audited to confirm adherence with the requirements laid out. GDPR is the new data protection measures that all companies need to uphold.

Due to our commitment to ISO 27001 and PCI DSS we are able to demonstrate that we uphold the key principles of GDPR.

Our structured IMS allows us to demonstrate technical and organisational measures that are in place; protecting data, together with our ability to evidence the controls we take through processes, regular internal audits, testing procedures, updating systems, and continual service improvements.

Assisting Customers with GDPR Compliance

CWCS has always taken the security of customer’s data seriously, being committed to offer assistance in helping them achieve compliance in readiness for when GDPR comes into force.

The most effective way we here at CWCS can assist with your GDPR compliance preparations is through the review of your third party risk assessment and checklists. This way our compliance team can review that your requirements work within our IMS and services, and if there are any issues we can work together to address them.

To further assist our customers with meeting the new GDPR requirements for systems operating on our infrastructure, CWCS will release a straightforward data processing addendum of all our services and will include extended audit rights that must be provided to the customer.

gdpr compliance

Submitting Third Party Risk Assessment and Checklist

Please use the form below to submit GDPR document(s).

GDPR File 1
GDPR File 2

We Respect Your Privacy – We will only use these details for this enquiry and won't share them with anyone else.

Please contact your account manager on 0800 1 777 000 if any further information is required before submitting your third party risk assessment and checklist.

ISO 27001 Certified

CWCS is a secure hosting provider, our ISO 27001:2013 compliant security management is independently audited for your assurance that we will keep your information secure, intact, and only available to those authorised to access it.

G-Cloud Supplier

The UK Government G-Cloud is an initiative targeted at easing procurement by public-sector bodies in departments of the UK Government of commodity information technology services using cloud computing.

G-Cloud Supplier

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.

ISO 9001 Certified

CWCS operates an ISO 9001:2015 compliant quality management system. Based on 7 quality management principles, setting out requirements to monitor and improve our services in order to meet the needs of customers and stakeholders.

Call us on 0800 1 777 000 or email us at