The recently proposed, and soon to be implemented, harmonisation of information security regulation across the European Union with the introduction of the GDPR, has elevated the requirement for good information security practice and implementation. Unfortunately, GDPR specifies what needs to be protected, but provides no guidelines on how to protect that data. Nonetheless, there is already an excellent information security standard which can be used to protect both personal and commercial information, namely, ISO27001.
ISO27001 is a risk-based information management system which encompasses a framework of policies and procedures that includes all of the legal, technical and physical controls necessary for the protection of an organisation’s data. By embracing ISO27001, an organisation is making a formal declaration to their customers, suppliers, and staff that their data is secure. The standard requires that the organisation’s ISMS is audited on a three-year cycle, with a minimum of annual surveillance audits performed by an external agency ensuring ongoing compliance with the standard and the frequent recommendations made by the auditors to maintain security.
ProCheckUp has a specialist team of consultants that can help ensure a smooth progression toward certification. Certification is an important step toward establishing world-class information security practices that a lot of clients require.
ProCheckUp’s team of Compliance Consultants can assist with the following:
- - Perform a GAP analysis to establish what your business needs to do to become compliant;
- - Assist with the development of policies and procedures;
- - Assist in improving your network security structure and offer advice on how to secure important and sensitive information;
- - Maintain regular contact to help ensure ongoing compliance efforts;
- - Assist with preparation for stage 1 and subsequent audits;
- - Perform audits and report on compliance;
- - Assist with maintaining compliance;
- - Assist with BAU and Incident response plans;
- - Project Management of partial or the entire ISO 27001 venture.