10 Oct IASME Standards, Cyber Essentials and Cyber Security
The fascinating world of cyber security gets more complex and involved as time passes: new threats arise and the world does its best to keep up. At the same time, the security and privacy of personal data is a bigger issue than ever before, reflected by the new GDPR regulations coming into play in May 2018.
If you have heard rumours that Brexit means your business doesn’t have to comply with GDPR, don’t take any notice. You do, and there’s no way to avoid it. If you try to avoid complying, you’ll leave yourself wide open to prosecution. GDPR applies to Britain whether we’re in the EU or not.
On the bright side, you have a few months to get your house in order, and it’s an excellent opportunity to grab a small yet significant advantage over your less-well-prepared competitors.
About Britain’s new General Data Protection Regulations
The new GDPR is one of the most important laws to come into being for some time, with serious consequences for organisations that don’t comply. But data protection guidance is rarely expressed in plain English, making it a tough call to figure out where to start and what to do. IASME helps bridge the gap with their new, award-winning information security governance assessment, designed to help organisations like yours get GDPR-ready in good time.
The new Data Protection regulations demand that, as a minimum, organisations have basic cyber security and good governance in place. The IASME Governance standard, incorporating the UK Government’s own Cyber Essentials scheme, helps you do it, and we are accredited to deliver IASME Standards.
What are the penalties for GDPR non-compliance?
If you get it wrong, you risk being hit with bigger fines and penalties than ever before. There’s a theoretical maximum fine of half a million pounds, which for most businesses, especially smaller ones, could be the end of the road, leading to insolvency and even closure. There are also penalties on the cards involving prosecutions, enforcement notices, compulsory audits and unavoidable ‘undertakings’.
What is IASME?
IASME is one of five companies that have won the right to act as an Accreditation Body, which means they can assess and certify organisations for compliance with the government’s respected, risk-based Cyber Essentials Scheme. It takes five key controls into account, including things like physical security, staff awareness, and data backup, all of which would have theoretically stopped the majority of recent successful cyber attacks had they been in force at the time.
What we will help you achieve in preparation for GDPR
There’s a list of things you should get under your belt to prepare your company for the new GDPR. You need to know what the DPA/GDPR is and how it will affect your business, a process that involves identifying your current level of conformance. It’s vital to pin down any omissions and take steps to deal with them. You’ll need to review your existing information security management system and carefully document your information security policies. It’s important that you know exactly how to act if you have a data breach, and DPA/GDPR staff awareness is a must.
Get expert help from accredited experts
From a marketing and PR perspective, an IASME ‘GDPR Ready’ assessment lets you demonstrate to your customers and your suppliers that you’re ready for the new regulations. Take a look at our post about how Forensic Control are officially government-qualified to help organisations like yours prevent the most common internet attacks.
We provide professional cyber security auditing and advising, and we’re well versed in the respected Cyber Essentials and IASME Standard routes. Contact us to discuss the possibilities or book an assessment.