Risk Assessments Archive
The purpose of an information security risk assessment is to prioritise threats so that you can allocate time and resources appropriately. To do that, you need a way of calculating the severity of these threats; that’s where the information security …
Those who are just getting to know ISO 27001 will no doubt find the audit a daunting prospect. It’s a big, complex task that can be tricky for even experienced professionals. But, as with many challenges, you can overcome any …
ISO 27001 focuses heavily on asset-based planning. This ensures that the information security measures you adopt are appropriate to the threats you face – both in practicality and scale. There is no point implementing controls if what their protecting against is …
If you’re certifying to ISO 27001, one of the first things you need to do identify your information assets. After all, it’s only once you know what you’re dealing with that you determine the threats associated with them. Information assets …
ISO 27001 audits can be intimidating, especially if it’s the first time that your ISMS (information security management system) has been audited. So how can you make sure you’re doing everything that you should? This blog helps you settle your …
The SoA (Statement of Applicability) is one of the key documents when it comes to ISO 27001 compliance. It identifies the controls you have selected to address information security risks, explains why those controls have been selected, states whether they’ve …
Third-party suppliers are a common concern for organisations getting their GDPR (General Data Protection Regulation) compliance in order. When the Regulation was first introduced, the issue of third-party suppliers and their relation to organisations’ own GDPR compliance received a great …
Are you part of an in-house finance team? Or do you work for a finance provider – an accountancy firm, perhaps, or a financial advisory company? Like professionals in any other sector, you are subject to the EU’s GDPR (General …
Robust information compliance has never been so high-profile. The introduction of the EU GDPR (General Data Protection Regulation) in May 2018 put personal data protection firmly in the public consciousness. Cybercrime continues to grab headlines, with attacks causing massive disruption …
According to the ICO (Information Commissioner’s Office), more than 14,000 data breaches were logged in the first year since the introduction of the GDPR (General Data Protection Regulation), which is almost four times the number reported in 2017/18. Every month …
