Phil Lewis of Alliantist describes how data protection regulations are driving big changes in the way we approach supplier security and compliance.
Here’s just a small selection of some of the cyber and data protection stories to hit the news, and suffer the force of regulators, this month.
With GDPR looming, we chat to DutySheet director, Ben Hayes, about his approach to information security, preparing for GDPR and why he decided on ISO 27001.
PRESS RELEASE - Alliantist, the supplier of ISMS.online, a secure cloud delivered software service, is working with FDM Group as it ensures it is prepared for the forthcoming EU General Data Protection Regulation (GDPR).
Trusted cloud software services provider of ISMS.online, Alliantist, appoints a Chief Operating Officer (COO) for accelerating growth in its information security and privacy management division.
Alliantist, the software and services company behind ISMS.online, is pleased to announce it is equipping the London Digital Security Centre with ISMS.online for its information security management and broader business collaboration activity.
ISMS.online, the secure cloud software for information security management, has released new risk and interested party ‘banks’. This latest service complements the existing solution set and offers another significant time saving for organisations who are new to, or improving their approach towards, the ISO 27001:2013 standard.
The UK Government has recognised some of its biggest information security risks come through the supply chain and G Cloud 9 is the first serious framework vehicle aiming to address that challenge.
Clauses 12, 13 and 16 in the G Cloud 9 (draft) call off contract focus on information security. In the main framework agreement, clause 8.87 emphasises the need for physical and IT security to follow Good Industry Practice. Non-compliance will simply mean losing existing business and not winning anything new with government in future.
So having an Information Security Management System (ISMS) is no longer an option but an essential part of doing business. Suppliers need to meet an array of requirements including Cloud Security Principles, Risk Management Principles, 10 Steps to Cyber Security, Security Policy Framework etc.
Whilst we have built the government frameworks into ISMS.online, achieving ISO 27001:2013* goes a long way to delivering those requirements and demonstrates Good Industry Practice. It is of immense value in being trusted to supply services outside UK government too e.g. in the private sector. It also positions your organisation well for EU GDPR from May 2018.
Our belief is that every organisation which has customer or other valuable information should have an information security management system (ISMS). UK Government is now seeking to ensure that happens, at least when it comes to protecting data it controls.
Of course there have always been barriers to achievement of an ISMS, whether time, cost, complexity, or arguably the biggest one, customer demands simply not being there. Now those customer demands are coming through thick and fast in both private and now public sector. With regulation following hot on its heels too with EU GDPR, doing nothing is just not an option.
With ISMS.online we have been looking at how we can help organisations with the time, cost and complexity challenge and have solved that too! Whether you are large, small, public, private or third sector, and interested internally or in supporting your supply chain, we have packages to meet your needs and budget.
ISMS.online integrates and packages all the strategic requirements into a fast, simple, low-cost and flexible solution for your success, freeing you up to concentrate on the operational aspects underpinning your ISMS and the core business itself.
Get in touch now to learn more about how we can help you win new business and retain existing customers by having an ISMS you and they can trust.
*ISO 27001:2013 above also implicitly includes consideration of ISO 27002, ISO 27017:2015 and ISO 27018:2014
Itémedical is a leading supplier of medical hardware and software in the Benelux. It is dedicated to improving patient care by providing user-friendly decision support systems.
Demonstrating excellence is paramount to Itémedical and is why it invests in maintaining relevant ISO standards, including for information security management.
It's also what led it to needing ISMS software, ISMS.online, where it discovered additional benefits.
The International Association of Contract and Commercial Management (IACCM) has adopted ISMS.online, the powerful cloud software from Alliantist, to achieve cyber and information security management success.
President and CEO of IACCM, Tim Cummins, explained why it has chosen to heighten its security posture now:
January 28th is International Data Privacy Day and serves as a reminder of the growing importance of data in our organisations and how we must protect it.
Information security management is no longer driven by the fear of security breaches alone. There is now a growing urgency to meet stringent data privacy requirements of legislation, such as the new General Data Protection Regulation (GDPR). Failure to do so could soon result in hefty fines for non-compliance.
The countdown is well underway and May 2018 looms large when GDPR will replace the current Data Protection Act.
For those businesses looking responsibly at how they will meet the requirements of the new European regulations, being adopted by the UK regardless of Brexit, Subject Access Requests (SARs) will doubtless form part of their considerations.
You are only as secure as your weakest link
Keeping information secure within your organisation rests on the actions of your staff. You can develop strong policies for information security. You can patch, monitor and defend your systems against attacks. You can get certificates and accreditations for all the key standards like Cyber Essentials, PCI DSS and ISO 27001.
But it can all go wrong with one phone call.