With EU GDPR high on every organisation's priority list in 2017, there can be few CIOs and CTOs not considering its impact on business performance and the broader information security landscape.
We understand the time and budget pressures you're constantly under, so we're going to help you spec an integrated ISMS solution to add to your Christmas wish list. It will make your life a whole lot easier and allow you to enjoy your Christmas, New Year and every day thereafter.
Hopefully, of course, you are on Santa’s ‘well behaved’ list (you may soon find out as we’ve heard he’s considering ISMS.online to help manage his subject access requests!). If so, you may be really lucky and discover a set of handy tools to make implementing and maintaining your ISMS that much easier as you also concentrate on other parts of the day job.
But, to be absolutely sure you get the right information, we’ve provided a breakdown of what to request and even provided a letter template with a direct link to the big man himself...
Letter to Santa...
I’ve had a busy and stressful 2016 trying to address cyber threats, educate everyone on cyber security, answer questions from sales and marketing on how secure our systems are and trying to satisfy our board that we know how to approach the changing data protection regulations.
My biggest wish is to improve our information security management for next year so that I can be home at a reasonable time each night to put Tiny Tim to bed.
I know an ISMS will help protect my colleagues and our customers from data breaches and, of course, it will improve our management processes. It will also mean we can all sleep better at night knowing we’ve done everything reasonably possible to meet data protection regulations.
It will also help those people in sales win more business and allow us to have an even better Christmas next year. Maybe I’ll even be able to afford a turkey for Tiny Tim’s Christmas lunch!
All this is moving quickly so we have a lot to do before May 2018. I’m sure you understand this better than anyone...4% of your global turnover is a pretty big fine I’m sure!
But, and it’s a big but, I’m always really busy and have few ‘little helpers’ so it would be great if you can find a software solution that will save me time and make information security and data protection easy to manage.
It should include:
- Standard information security frameworks so that I can adopt one or more of ISO 27001, NIST, SSAE 16 and (I know it's basic in comparison) Cyber Essentials too. Actually, any standard really; we already have ISO 9001, so it would save me having to duplicate policies that have commonalities.
- Something to help me prepare for EU GDPR and manage new data protection policies and processes. (How are you handling EU GDPR compliance by the way?!!!)
- My boss tells me we have to go for ISO 27001 next year as it will underpin GDPR, so can you make sure it has some actionable policies and controls built in to help me. (He said the same thing last year. The document toolkit you sent me last Christmas looked good, but I couldn't use it. It's still on the shelf as the work required to make it practical was just too darn difficult, so I gave up...sorry!)
- Can you make sure it has ways of assigning activities to my colleagues and giving them deadlines please, as I'm a bit fed up chasing everyone for their contributions, especially our Support Desk Manager, who hides in the stationery cupboard when he hears the phone ringing.
- Online discussions would also be cool as my CEO often works from that beach villa you got him last year.
- I'm also a bit fed up being the only one who manages risk in the organisation, and my Excel spreadsheet simply isn't effective for multiple users or for showing who is actually managing the risk. It's important I have a really simple tool for this so that even the HR Director can use it...oh, and a nice-to-have would be some frameworks for HR security processes, as this would save him and us loads of time.
- It should also include something to help us manage security incidents, especially when we have to notify the Information Commissioner (which I hope we never have to do!). Yes, they may still happen despite all the great policies and processes we have in place. These cyber criminals are clever beasties, so we need to continually improve and learn...oh, that reminds me, I need somewhere to handle audits and management reviews too please!
- Information security through our supply chain often catches us out so something for managing supplier contracts, contacts and related collaboration easily would be great.
- Last thing...I've heard auditors usually drink lots of tea and eat lots of biscuits...anything you can do to minimise our beverage budget would be fantastic. Do they really need to be here for a first stage audit, as a secure digital platform in the cloud would allow them to work from their offices and not mine?
If you can manage to find me something with all this built in to one integrated, secure and ISO 27001 accredited cloud platform, then I promise to be good all next year. It would make my life so much easier and I'd be less likely to give up!!!
Many thanks and you can get in touch with me at the details below: