Are you ready for the unexpected? Here’s some food for thought. Did you know that: ► More than 40% of businesses affected by the Manchester bombing of 1996 went out of business? ► Approximately 18,000 businesses ceased to exist following the attacks of September 11 2001 ► 92 businesses employing 9,500 staff were forced to […]
One of the long-held beliefs underpinning many a password policy is that forcing a regular password change is a good thing. After all, by changing our passwords on a regular basis we might be able to stop an attacker taking advantage of a password they may have discovered. However, by forcing users to change […]
This is the question of the week, what is the difference between a certified and a compliant ISO 27001 management system? There is some confusion about the difference between having an information security management system (ISMS) which is certified to ISO 27001 and one which is compliant or aligned to the Standard. This week’s top […]
This week’s top tip looks at the requirement within both the DPA 2018 and the GDPR to verify the identity an individual making a request before acting or releasing information. Our clients are regularly raising questions and concerns with our consultants along the lines of ‘what do I need to do?’ Let’s start by […]
The information security controls that all organisations need to implement are heavily dependent on the information being stored, processed or transmitted and the purpose of the processing. For example, whilst regular penetration testing may be appropriate for some organisations, it may not be required for others. This is where risk management kicks in. Best practice dictates that you need to identify the risks that your organisation faces before proceeding with the implementation of appropriate controls to reduce these risks to a level which is acceptable to your stakeholders. Risk appetite will typically be defined by directors, shareholders or regulators along with compliance […]
Are Standard Contractual Clauses Sufficient? This week’s top tip looks at a very specific area of GDPR – Article 28 to be precise and data transfer outside of the EEA. One of the ways in which you can legitimise an ex-EEA data transfer is by using the standard contractual clauses (SCCs). Article 28 mandates […]
In a previous blog we looked at the different types of exercise you can utilise to validate your business continuity approach. This week’s top tip focuses on the desk check and facilitated discussion. At the simplest level, within any good business continuity (BC) exercise programme, lie the following two types of exercise: A […]
ICO fines BA £183m There are enough articles out there regurgitating the news about the BA data breach which we aren’t going to repeat. For us the message is simple, and let’s make no bones about it, the Commissioner has enhanced powers under DPA 18/GDPR and clearly intends to use them. Prior to this […]
This week’s top tip focuses on data protection and the value of the information you can find on the Information Commissioner’s Office (ICO) website. There is a wealth of information available on the ICO’s website, however, probably one of the most visited areas is ‘Action We’ve Taken’. In particular, the enforcement notices, audits, advisory […]
Have you Planned for the Unexpected? This week’s top tip reflects on the prevalent theme of ‘uncertainty’. Whether it be the general backdrop of political uncertainty that has dominated our lives since 23 June 2016, the vexing Tory leadership race as we await to see who will be our next Prime Minister or the […]