Data Compliance Limited :: Compliance Review

By: Data Compliance, 05/12/2011
Keywords: security, data protection, information security

Data Compliance Limited will review your internal procedures and security practices to help ensure that you comply with EU law, and will recommend any corrective measures that may be necessary.

It is best practice to review security controls at least annually. Depending on your circumstances, you may find it appropriate to audit more often, for example bi-annually (twice a year).

WHY DATA PROTECTION IS VITAL

Information, and the processes, systems and networks that support it, are important and valuable business assets. Defining, achieving, maintaining and improving information security is essential to maintain:

  • Competitive edge
  • Cash flow
  • Profitability
  • Legal compliance
  • Reputation

To work effectively, information security must be regarded as an attitude rather than a product. Buying firewalls, anti-virus software and intrusion detection systems, and installing security patches on all your servers and workstations, will only get you so far. Unless you can also persuade your people to take security seriously, you remain at significant risk of a breach of some kind. Cyber criminals know that the weakest link in your organisation's armour is almost certainly a person rather than a piece of technology.

In short, any one of the people who process data for you (employees, contractors and third parties), from administration to credit control, accounts and senior management, could be the target of a virus, cyber crime or social engineering attack.

By helping staff understand the risks to information systems, and by setting out their 'due care' responsibilities in policies and procedures, you not only mitigate the risk of attack but also meet obligations such as those under the Data Protection Act.

WHY AUDIT?

Auditing identifies gaps in information security and compliance controls while providing assurance that existing controls work. Naturally, you want to know that your investment in security is paying off, and to be able to assure customers, employees and stakeholders of your standards in security and data protection.

Auditing can reduce the risk of liability. It improves security practices and prepares you for the unexpected.

Our security auditors use international standards, including ISO 27001, to benchmark your organisation's security controls.

[Fig 1: Data Protection Compliance Program]

WHAT IS INVOLVED?

Our approach is holistic. This means that, no matter how large or small your organisation, we include its critical operations in our audit. Depending on the organisation, the audit may cover both internal and external controls.

In short, information security audits cover three key areas:

  • People
  • Processes
  • Technology

Every organisation is different. However, most have the same building blocks: people, processes, technology and, of course, information.

Every audit concludes with an audit report and a presentation of findings and recommendations to senior management.

The 12 Step Review covers:

  1. Data Protection Policies
  2. Notification and registration with ODPC
  3. IT Security controls
  4. Data protection procedures
  5. Disclosure of data
  6. Data protection roles and responsibility
  7. Awareness of legislation
  8. Retention of data
  9. Access requests
  10. Database management
  11. Physical security
  12. Third party compliance


Other products and services from Data Compliance

05/12/2011 - Data Compliance Limited :: ISO 27001

ISO 27001 specifies requirements for establishing, implementing, monitoring, reviewing, maintaining and improving a management system (an overall management and control framework) for managing an organisation's information security risks.


05/12/2011 - Data Compliance Limited :: Training

Our workshops are a practical method of developing policies and procedures. In a workshop environment, we provide guidance on the issues to consider when creating a data protection policy that incorporates all eight data protection principles. Training is a necessary and valuable exercise to ensure that people are familiar with data protection law and with their obligations as data controllers and processors.


05/12/2011 - Data Compliance Limited :: Implementation

Data Compliance Limited eases the pain of documenting controls by delivering a customised security and data protection compliance manual based on your specific business requirements. Which controls are considered essential for an organisation from a legislative point of view depends on the applicable legislation. If you are a small business with limited resources, it can be difficult to know where to start with information security.


05/12/2011 - Data Compliance Limited :: Support

We provide an annual contract and a dedicated account manager, who will arrange regular on-site visits to keep up to date with developments within your organisation and to keep you informed of the latest developments in security and data protection law. Our support contract includes telephone support, which can prove invaluable should a security incident occur and you need expertise at short notice.


05/12/2011 - Data Compliance Limited :: Services

Data Compliance Limited's professional services are designed to deliver assurance of best practice in information security and to achieve compliance with regulatory demands, including data protection law. Each service can be procured individually or as a complete package.