Need To Know Principle

By Mark Sharron • 16 December 2020 • 1 min read

The need to know principle can be enforced with user access controls and authorisation procedures and its objective is to ensure that only authorised individuals gain access to information or systems necessary to undertake their duties.

Mark Sharron

Mark Sharron leads Search & Generative AI Strategy at ISMS.online. His focus is communicating how ISO 27001, ISO 42001 and SOC 2 work in practice - tying risk to controls, policies and evidence with audit-ready traceability. Mark partners with product and customer teams so this logic is embedded in workflows and web content - helping organisations understand, prove security, privacy and AI governance with confidence.

Information Security 14 April 2026

What the White House’s National AI Policy Framework Means For Compliance

The Trump administration’s release of a National AI Policy Framework in March strives to replace a tangle of state-level rules with a single ...

Danny Bradbury

Cyber security 9 April 2026

The Path of Least Resistance: Why Defence in Depth Is the Best Response to Cloud Threats

Threat actors are nothing if not resourceful. When they find that a particular pathway is blocked, they don’t give up. Instead, they simply search ...

Phil Muncaster

Cyber security 7 April 2026

Meeting the Data Use and Access Act with Confidence: Why the ISO 27001, 27701 and 42001 Loop Delivers

When the UK introduced the Data Use and Access Act (DUAA), much of the early commentary focused on the divergence it introduced. Was this a softeni...