Data Compliance Limited :: Implementation

By: Data Compliance  05/12/2011
Keywords: data protection, information security, Data Security

Documented controls such as policy and procedures can be both timely and costly to implement. Our data security consultants have many years experience auditing and implementing policy and procedures.

Data Compliance Limited ease the pain of documenting controls by delivering a customised security and data protection compliance manual based on your specific business requirements.

There is little value in policies or documented procedures that is not up to date. We can review your existing documentation or provide you with the basics to begin with.


If you are a small business with limited resources, it may be difficult to realise where to start with information security. How do you prioritise your needs with your limited resources?

Following security guidelines like ISO 27001 can be a good start.

Controls considered to be essential to an organisation from a legislative point of view include,
depending on applicable legislation:

a) data protection and privacy of personal information (see 15.1.4);

b) protection of organisational records (see 15.1.3);

c) intellectual property rights (see 15.1.2).

Controls considered to be

common practice

for information security include:

a) information security policy document (see 5.1.1);

b) allocation of information security responsibilities (see 6.1.3);

c) information security awareness, education, and training (see 8.2.2);

d) correct processing in applications (see 12.2);

e) technical vulnerability management (see 12.6);

f) business continuity management (see 14);

g) management of information security incidents and improvements (see 13.2).

These controls apply to most organisations and in most environments.

It should be noted that although all controls in this standard are important and should be considered, the relevance of any control should be determined in the light of the specific risks an organisation is facing. Hence, although the above approach is considered a good starting point, it does not replace selection of controls based on a risk assessment.

Keywords: data protection, Data Security, information security, Security And Data Protection

Contact Data Compliance

Email - none provided

Print this page


Other products and services from Data Compliance


Data Compliance Limited :: ISO 27001

ISO 27001 specifies requirements for the establishment, implementation, monitoring and review, maintenance and improvement of a management system - an overall management and control framework - for managing an organisation’s information security risks.


Data Compliance Limited :: Compliance Review

By helping staff understand the risks to information systems and by outlining their responsibilities of ‘due care’ in policies and procedures, you are not only mitigating risk of attack but are complying with obligations such as the Data Protection Act also.


Data Compliance Limited :: Training

Our workshops are a practical method of developing policies and procedures.In a workshop environment, we provide guidance on the issues which should be considered when creating a data protection policy incorporating all eight data protection principles. Training is a necessary and valuable exercise to ensure people are familiar with data protection law and their obligations as data controllers and processors.


Data Compliance Limited :: Support

We provide an annual contract and dedicated account manager who will arrange regular on site visits to keep up to date with developments within your organisation and keep you informed of the latest developments within security and data protection law. Our support contract includes telephone support which could prove invaluable should a security incident occur and you need expertise at short notice.


Data Compliance Limited :: Services

Data Compliance Limited’s professional service is designed to deliver assurance of ‘best practice’ in information security and achieve compliance with regulatory demands including Data Protection Law. Each service can be procured individually or as a complete package.