Need To Know Principle
The need-to-know principle can be enforced with user access controls and authorisation procedures. Its objective is to ensure that only authorised individuals gain access to the information or systems necessary to undertake their duties.
Mark Sharron
Mark Sharron leads Search & Generative AI Strategy at ISMS.online. His focus is communicating how ISO 27001, ISO 42001 and SOC 2 work in practice, tying risk to controls, policies and evidence with audit-ready traceability. Mark partners with product and customer teams so this logic is embedded in workflows and web content, helping organisations understand and prove security, privacy and AI governance with confidence.








