The IASME Governance standard was developed over several years during a government-funded project to create a cyber security standard which would be an affordable and achievable alternative to the international standard, ISO27001.
The IASME Governance standard allows the small companies in a supply chain to demonstrate their level of cyber security for a realistic cost and indicates that they are taking good steps to properly protect their customers' information.
- UK Government (NCSC) standard
- Required for all supply chains of Central and local government, MOD, NHS.
- Certification against basic level Cyber Essentials
- Automatic cyber liability insurance for UK domiciled organisations with less than £20m turnover who pass the assessment (terms apply)
General Data Protection Regulation.
All we heard about last year was GDPR!
This is the General Data Protection Regulation, and it is here to stay even if the UK leaves the EU without a deal.
It focuses on the privacy of ‘Natural Citizens’ of the EU, NOT business in the EU. So this also applies to the USA, China, UK, Australia etc. IF they hold, process, or handle any data about an EU citizen.
Nearly everyone has at least heard of the acronym GDPR. But what appears to have been lost along the way is that the NIS Regulation also became law in 2018.
This is the technical side of GDPR and the UK’s Data Protection Act 2018.
This introduces guidelines on the how.
Governance Risk & Compliance.
Why view each and every compliance requirement independently?
The concept behind GRC is to reduce the inefficiency of Risk Management and Audit, whilst achieving business goals.
Can one control meet multiple compliance requirements? Can it be measured and sustained? All too often there is a frenzy of activity before an audit.
The GRC methodology can provide protection to the business whilst demonstrating value and integrity.
Data Security & Protection Toolkit.
The NHS is increasingly embracing security through the evolution of the IGToolkit. This has been replaced by the DSPToolkit, which drastically expands on the theme of Cyber and Data Security.
Although some Assertions are not yet mandatory, there is clearly a pathway being developed to meet the Government's mandate around digital safety through the National Critical Infrastructure.