ISMS.online, the secure cloud software for information security management, has released new risk and interested party ‘banks’. This latest service complements the existing solution set and offers another significant time saving for organisations who are new to, or improving their approach towards, the ISO 27001:2013 standard.
The UK Government has recognised some of its biggest information security risks come through the supply chain and G Cloud 9 is the first serious framework vehicle aiming to address that challenge.
Clauses 12, 13 and 16 in the G Cloud 9 (draft) call-off contract focus on information security. In the main framework agreement, clause 8.87 emphasises the need for physical and IT security to follow Good Industry Practice. Non-compliance will simply mean losing existing business and not winning anything new with government in future.
So having an Information Security Management System (ISMS) is no longer an option but an essential part of doing business. Suppliers need to meet an array of requirements including the Cloud Security Principles, Risk Management Principles, 10 Steps to Cyber Security, Security Policy Framework, etc.
Whilst we have built the government frameworks into ISMS.online, achieving ISO 27001:2013* goes a long way to delivering those requirements and demonstrates Good Industry Practice. It is of immense value in being trusted to supply services outside UK government too e.g. in the private sector. It also positions your organisation well for EU GDPR from May 2018.
Our belief is that every organisation which has customer or other valuable information should have an information security management system (ISMS). UK Government is now seeking to ensure that happens, at least when it comes to protecting data it controls.
Of course there have always been barriers to achievement of an ISMS, whether time, cost, complexity, or arguably the biggest one, customer demands simply not being there. Now those customer demands are coming through thick and fast in both private and now public sector. With regulation following hot on its heels too with EU GDPR, doing nothing is just not an option.
With ISMS.online we have been looking at how we can help organisations with the time, cost and complexity challenge and have solved that too! Whether you are large, small, public, private or third sector, and interested internally or in supporting your supply chain, we have packages to meet your needs and budget.
ISMS.online integrates and packages all the strategic requirements into a fast, simple, low-cost and flexible solution for your success, freeing you up to concentrate on the operational aspects underpinning your ISMS and the core business itself.
Get in touch now to learn more about how we can help you win new business and retain existing customers by having an ISMS you and they can trust.
*ISO 27001:2013 above also implicitly includes consideration of ISO 27002, ISO 27017:2015 and ISO 27018:2014
Itémedical is a leading supplier of medical hardware and software in the Benelux. It is dedicated to improving patient care by providing user-friendly decision support systems.
Demonstrating excellence is paramount to Itémedical and is why it invests in maintaining relevant ISO standards, including for information security management.
It's also what led it to needing ISMS software, ISMS.online, where it discovered additional benefits.
The International Association of Contract and Commercial Management (IACCM) has adopted ISMS.online, the powerful cloud software from Alliantist, to achieve cyber and information security management success.
President and CEO of IACCM, Tim Cummins, explained why it has chosen to heighten its security posture now:
January 28th is International Data Privacy Day and serves as a reminder of the growing importance of data in our organisations and how we must protect it.
Information security management is no longer driven by the fear of security breaches alone. There is now a growing urgency to meet stringent data privacy requirements of legislation, such as the new General Data Protection Regulation (GDPR). Failure to do so could soon result in hefty fines for non-compliance.
The countdown is well underway and May 2018 looms large when GDPR will replace the current Data Protection Act.
For those businesses looking responsibly at how they will meet the requirements of the new European regulations, which are being adopted by the UK regardless of Brexit, Subject Access Requests (SARs) will doubtless form part of their considerations.
You are only as secure as your weakest link
Keeping information secure within your organisation rests on the actions of your staff. You can develop strong policies for information security. You can patch, monitor and defend your systems against attacks. You can get certificates and accreditations for all the key standards like Cyber Essentials, PCI DSS and ISO 27001.
But it can all go wrong with one phone call.
The scene has been set as the next major framework in EU privacy regulations was formally proposed and published* on 10th January 2017 by the European Commission in Brussels.
The new Privacy and Electronic Communications (e-Privacy) Regulation, if implemented, would update current rules on the confidentiality of electronic communications. It aims to bring over-the-top service providers ("OTT") within scope of the EU's e-Privacy laws for the first time.
We should qualify that there are, of course, no real ‘cheats’ available when seeking ISO 27001 accreditation.
At least not the sort that will give you an ISMS (information security management system) that can be externally accredited. And, according to the Government Cyber Security Breaches Survey 2016*, of those organisations surveyed, 42% looked for ISO 27001 to test or validate the security of providers of online services. This is likely to increase as vendors look to secure their complete supply chain.
2016 will be remembered by many for some of the alarming cyber events that took place.
There were the allegations that the Russians may have influenced the US presidential campaigns through email interference.
Yahoo announced 500 million user accounts were stolen in 2013, endangering the terms of their acquisition negotiations with Verizon.
Outages of nearly 11 hours disrupted over 1 billion users worldwide in one of the largest cyber attacks in internet history. A DDoS attack on US DNS provider, Dyn, affected major sites including eBay, Twitter, Reddit, Spotify, and Amazon.
Ensure your ISMS delivers long after the last unwanted gift has been discarded
Sensible CTOs have been compiling their Christmas lists for some time.
There’s no time quite like the start of a new year to set business objectives and goals and embark on fresh projects that will bring about positive business improvements.
And, with security incidents now costing UK organisations an average of £2.6 million, up 53% from 2015*, what better reason for placing information security at the top of the agenda in 2017?
I’ve been an awful good girl (or boy!). And an auto convertible really isn’t that much use to me as it probably wouldn’t fit in the multi-storey car parks here.
But if you are in any doubt over the validity of that first statement, or you are simply past believing in Santa Claus, then the best way of ensuring you get something really useful this Christmas is to gift it to yourself.