The Journey to ISO27001 Certification

25th January 2017 Author: InfoSaaS

There are many reasons why an organisation may want to implement an effective Information Security Management System (ISMS), and the vast majority proceed to have this independently assessed for ISO27001 certification. This important evidence demonstrates a responsible approach to information security, which is important for customer confidence, legislative compliance and also helping to keep the organisation safe from ever increasing cyber threats. Whilst some organisations will complete...

GDPR and Privacy Impact Assessments

5th January 2017 Author: InfoSaaS

Happy New Year to you! There's no doubt that 2017 will be a year of challenges and changes. Brexit progress, President Trump, IoT security, internet surveillance, the list goes on. Let's not lose sight of the ever-ticking countdown clock of GDPR (just over 500 days to go), the new EU-wide General Data Protection Regulation, which will replace the UK's current Data Protection Act in May 2018. As we've discussed before, having an effective and comprehensive Information Security...

Not Another New Year’s Resolution?

20th December 2016 Author: InfoSaaS

It's that inevitable time of year where we expect to be inundated with organisations suggesting that we include them somewhere in our list of New Year's Resolutions, or that they will help us to achieve those long-awaited business goals and objectives. Whether it's saving money, increasing staff knowledge, improving process efficiency, or making your presence more widely known through more effective advertising, it appears that there are always things that we could probably be doing...

Getting Hacked Ahead of GDPR

15th October 2016 Author: InfoSaaS

A month ago, Yahoo informed its 500 million users that their personal data had been stolen by hackers, including email addresses, dates of birth, security questions and encrypted passwords. One aspect of this data breach that many have overlooked was that it took nearly two years for the hack to be reported publicly (it having originally taken place in late 2014), with hundreds of millions of users' details having been offered for sale on the darknet market for as little as USD $2,000...

Focus on Risk Treatment

28th September 2016 Author: InfoSaaS

An Information Security Risk Treatment Plan is one of the mandatory documentation requirements, called out in Section 8.3 of ISO27001:2013. In plain English, this is a record of all identified risks that need to be attended to, and the steps taken to ensure that the organisation is not subject to increased risk while these risks remain. A common approach to assessing a specific risk is to identify and evaluate the effectiveness of controls that are already in place to protect an asset from a...

Information Security, GDPR and Brexit … Joining the Dots

10th August 2016 Author: InfoSaaS

Today's organisations are well aware of the importance of keeping both their own information and their customers' data secure. An ever increasing reliance on IT systems, mobile devices and cloud computing presents a growing portfolio of vulnerabilities and threats that need to be understood and properly managed. There's plenty of press coverage available which describes the significant financial penalties, collapse of customer confidence or even the untimely demise of those businesses who...

Post Safe Harbor … Next Steps for EU Organisations

13th October 2015 Author: InfoSaaS

Over the last few weeks, you've probably seen ongoing discussions about the European Court of Justice (ECJ) declaring that the US "Safe Harbor" agreement used by more than 4,000 companies is now invalid. If you are based in the EU, why might this be relevant to you and your Information Security Management System? In the increasingly "cloudy" world which we work within, many companies are likely to have at least some exposure to software or a solution provided by a US-based provider,...

Perfect Password Practice

12th October 2015 Author: InfoSaaS

Using strong passwords is one of the most effective ways to increase your online security and protect your data. It's also very straightforward, so you'd expect it to be something that almost everyone does. Unfortunately this is not the case ... it is less convenient than using weak and easily remembered passwords, and people are just too busy. However, if you imagine the potential repercussions of an information security breach it very quickly becomes evident that it is worth the...

Protecting Personal Data in Cloud Environments

23rd May 2015 Author: InfoSaaS

Data security continues to attract the attention of organisations worldwide, at least if the uptake of the Information Security Management System standard ISO27001 is anything to go by. The proper identification of information assets (and the supporting assets such as premises, hardware, software, etc. upon which they rely) is essential if a proper assessment of vulnerabilities and threats is to be undertaken, and appropriate actions taken to manage identified risks. Whilst ISO27001...

What Makes a Good Security Policy?

23rd March 2015 Author: InfoSaaS

We recently launched the InfoSaaS set of information security documentation, to help our customers design, implement and operate an appropriate set of policies, procedures and related content which helps to deliver an effective Information Security Management System. The ISO27001 standard specifies a range of documentation and records needed to demonstrate compliance with specific clauses and requirements within the standard, but it does not provide a comprehensive list of ALL the...