Vigilant Software Blog
Organisations that are serious about preventing data breaches must create an information security policy. They contain a list of guidelines on how to handle with various incidents that might result in data breaches. Ideally, your information security policy should be …
When you’re considering your organisation’s cyber security measures, there are two things you must consider: do these controls work now, and will these controls work in the future? The first issue is comparatively easy to assess, because any solution you …
Third-party suppliers are a common source of confusion for organisations considering their GDPR (General Data Protection Regulation) compliance requirements. When the Regulation was first introduced, the issue of third-party suppliers and their relation to organisations’ own GDPR compliance received a …
ISO 27001 is the international standard for an ISMS (information security management system), a best-practice approach to security that helps organisations achieve all of their data privacy compliance objectives. If you are currently weighing up your options for ISO 27001 …
An ISO 27001 risk assessment contains five key steps. In this blog, we look at the second step in the process – identifying the risks that organisations face – and outline 10 things you should look out for. How to identify …
When it comes to ISO 27001 compliance, the SoA (Statement of Applicability) is one of the key documents you must complete. It identifies the controls you have selected to address information security risks, explains why those controls have been selected, …
ISO 27005 describes the risk management process for information and cyber security. It’s part of the ISO 27000 series, which means its advice is part of a wider set of best practices for protecting your organisation from data breaches. As …
As part of your GDPR (General Data Protection Regulation) compliance project, you must be able to understand what personal data you process. Specifically, Article 30 states that you must “maintain a record of processing activities under responsibility”. To achieve …
The risk treatment plan is one of the mandatory documents that must be produced as part of a certified ISO 27001 ISMS (information security management system). It provides a summary of each of the identified risks, the responses that have …
One of the first things organisations must do when implementing ISO 27001 is identify their information assets. After all, it’s only once you know what needs to be protected that you can determine the threats associated with them and put …