Security Controls

ENISA’s Online Platform for Security of Personal Data Processing

In December 2019, ENISA released an online platform to help Data Controllers and processors with the security controls applicable to personal data processing. The platform looks to tie together ISO 27001, ISO 27005, the GDPR requirements and some principles from ISO 27701, to provide a link between high-risk personal data processing and the security controls …

ENISA’s Online Platform for Security of Personal Data Processing Read More »

Implementing ISO 27701 – Privacy for ISO 27001

When the GDPR came into force on the 25th May 2018, a number of Articles referred to the creation of certification schemes that could be approved by Authorities, to make it easier for data subjects to understand whether an organisation had appropriate privacy controls. Implementing ISO 27701 looks like the easiest route currently to this …

Implementing ISO 27701 – Privacy for ISO 27001 Read More »

Data breaches at Access Aggregators

As cybercrime adapts to general business circumstances, a likely trend is the targeting of service providers who look after access control for other businesses. As small businesses look for support in moving to the cloud, many cloud solution providers are springing up to act as middle-men between the business and the cloud providers like AWS …

Data breaches at Access Aggregators Read More »