What is a SOC? The difference between SOC 1, 2 and 3 is quite important assuming that you know what SOC is. Most people will have heard of a SOC audit report, but for those who do not understand what SOC stands for, let us start from the beginning. SOC is the acronym for System […]
Here’s a funny thing – recital 84 of the EU’s GDPR legislation states “…where processing operations are likely to result in a high risk to the rights and freedoms of natural persons, the controller should be responsible for the carrying-out of a data protection impact assessment…”. Paragraph 1 of Article 35 says pretty much the […]
Are you managing personal data deletion correctly under the DPA and GDPR? Does everyone in your organisation know what to delete and when to delete? It might seem like an easy task but many still struggle with this. The deletion of 213,000 UK police records due to incorrectly flagged files for deletion is a good […]
Did Brexit really kill the UK GDPR? A lot of people were confused (and rightly so) as the 31st of December came and went. What I’m going to do here is unpick the information on GDPR from all the confusion around the Trade Deal announced at the very last minute by the UK Government and […]
One of the major obstacles for an organisation seeking ISO 27001 Certification can be fitting it within their budget. It can seem like a daunting task to gather all the variables that are needed to estimate an ISO 27001 certification cost. So how can you get a ballpark estimate for certification when there […]
After 30th December 2020, the Brexit transition period will end. This has implications for the transfer of personally identifiable information (PII) out of the EU/EEA to the UK. To get around this the UK plans to reach an adequacy agreement with the EU so that things can continue pretty much as they are. By incorporating […]
Once you have successfully attained Cyber Essentials Plus (CE+) certification and the celebrations are over, what do you do? Do you just sit back and be happy that CE+ has been achieved or do you build upon it? Well, it all depends on why you undertook to achieve CE+ in the first place. Many companies […]
Before choosing an ISO certification body for your ISO 27001 certification you need to understand the reasons for obtaining the certificate. Many clients want the ISO certificate to demonstrate to clients and partners that they take information security seriously. Others have requirements for certification to allow them to bid for certain contracts. There are a […]
In this new business era of virtual working, I have been asked how to maintain your ISO compliance with staff working from home, and while it poses some problems, it’s certainly not difficult. The first thing to remember is that ISO 27001 defines the requirements for the Information Security Management System (ISMS). This ISMS has […]
If you had a chance to read part 1 of this blog series, you’ll remember that my top 3 risk management predictions for the next six months included: a huge increase in reported data breaches; an increase in COVID-19 related phishing emails; and an increase in targeted ransomware attacks. In this post, I’ll explain how businesses […]