ISO 27001 risk assessments: The problem with using spreadsheets

An ISO 27001 risk assessment is at the core of your organisation’s information security management system (ISMS). Those new to tackling this complex step may rely on using a manual, inexpensive solution such as spreadsheets, but there are many disadvantages to doing so. Why using spreadsheets for your risk assessment ...
GDPR data mapping: How to tackle complex processes

As part of your EU General Data Protection Regulation (GDPR) compliance project, your organisation will need to understand what personal data it processes. You will likely choose data mapping as a way to meet these requirements. Key elements of data mapping A data flow map of a process should chart ...

How to create a risk treatment plan for your information security management system

A risk treatment plan (RTP) is one of the mandatory reports that you will need to produce for your ISO 27001 information security management system (ISMS). What is a risk treatment plan? An RTP provides a summary of each of the identified risks, the responses that have been determined for ...

GDPR data mapping key elements

Data mapping will be a key part of your compliance project in the run-up to the EU General Data Protection Regulation (GDPR) compliance deadline of May 2018. The Regulation introduces numerous changes – and the change from complying with the current Data Protection Act (DPA) to the GDPR is a ...
How to manage your compliance the easy way

Regulatory compliance requirements are becoming a significant issue for organisations, particularly in the field of information security. What is IT compliance? IT compliance is used to explain how an organisation manages its IT in order to comply with laws, regulations and contractual obligations. IT compliance looks to protect an organisation’s ...
Identifying articles for GDPR compliance

The EU General Data Protection Regulation (GDPR) is a new law that will supersede the Data Protection Directive 1995 (DPD) and all domestic laws based on it, such as the UK Data Protection Act 1998 (DPA). The GDPR aims to protect EU residents from data and privacy breaches, and has ...
How data mapping helps meet the requirements in Article 30 of the GDPR

Understanding what personal information is being collected and processed is a fundamental component of any EU General Data Protection Regulation (GDPR) compliance programme. Without that understanding it will be difficult for any organisation to ensure that their data processing activities are compliant with the new obligations set out in the ...
How to develop a Statement of Applicability in ISO 27001:2013

The Statement of Applicability (SoA) is one of the key documents that you will need to produce for your ISO 27001 information security management system (ISMS). What is the Statement of Applicability? The SoA is a crucial, mandatory report for ISO 27001 certification. It’s also an essential report for the ...

5 steps to create a data flow map

The EU General Data Protection Regulation (GDPR) is a new law that will harmonise data protection in the EU and will be enforced from 25 May 2018. The Regulation will apply to all organisations that process EU residents’ personal data, including organisations outside the EU. UK organisations will need to ...
3 reports needed for an ISO 27001 audit

An ISO 27001 audit can be intimidating, especially if it is the first time that your information security management system (ISMS) has been audited. Producing accurate, concise and updated reports is an important part of your audit. Some reports are mandatory, whereas others will help you to impress your auditor ...