In my previous blog post, we looked at Context and Leadership. This post will pick up from Planning and cover the rest of clause 5 of the ISO 27701 standard. Planning is mainly focused on risk assessment and risk treatment. Information Security Risk Assessment The ISO 27701 standard seems to

When the GDPR came into force on the 25th May 2018, a number of Articles referred to the creation of certification schemes that could be approved by Authorities, to make it easier for data subjects to understand whether an organisation had appropriate privacy controls. Implementing ISO 27701 looks like the

Organisations spend considerable sums of money to protect themselves against the cyber risks that they see in front of them. Unfortunately, you can’t manage what you can’t see. This has been the problem with third party assurance for a significant length of time. Historically, data was fairly immobile with mainframes

We can generally gauge the level of preparation and understanding a company has about their own cyber security by the way they respond externally to a cyber incident. There have been some notable examples over the years where cyber security professionals have had to put palm to face on some

Discussions at Board level on Cyber Security are generally low on reality and high on rhetoric. This is due to the meeting of two very different worlds. Between a CISO who appears to be claiming Armageddon on a daily basis unless the Board fund all requirements, and a Board who

As cybercrime adapts to general business circumstances, a likely trend is the targeting of service providers who look after access control for other businesses. As small businesses look for support in moving to the cloud, many cloud solution providers are springing up to act as middle-men between the business and

The recent BA and Marriott proposed ICO fines weigh in at just shy of £300m. What other organisations are currently sweating over being tapped on the shoulder by the ICO? Since June 2018, we have had a few notable data breaches worldwide. Each may have EU residents in their number

After waiting for a year for the UK ICO to start dishing out the GDPR fines, we get two in two days! Marriott International quickly follow British Airways into the dock, with an announcement from the ICO that they intend to fine Marriott International £99m. The fine is on behalf

After waiting patiently for the UK Information Commissioner's Office (ICO) to start the big fines process under GDPR, and expecting the first to be Facebook or similar, British Airways have beaten everybody else to the gate. The UK Information Commissioner's Office is proposing to fine British Airways £183m for their