Auditors are core to organisations seeking certification. They form an opinion by using professional judgement to assess whether an organisation is ready for certification. However, along the years, some auditors have picked up a number of poor traits that …
Risk assessments are at the core of any organisation’s ISO 27001 compliance project. They are essential for ensuring that your ISMS (information security management system) – which is the end-result of implementing the Standard – is relevant to your organisation’s …
Any organisation that’s required to comply with the GDPR (General Data Protection Regulation) must conduct regular risk assessments. This isn’t just because the Regulation says so; it’s because risk assessments are essential for effective cyber security, helping organisations address an array of …
Organisations are always looking for ways to improve their cyber security defences, but they often overlook the value of enrolling their employees on cyber security training courses. According to a study by Centify, 77% of UK workers say they have …
The 2018 British Airways data breach was one of the first to occur under the GDPR (General Data Protection Regulation), so the ICO (Information Commissioner’s Office)’s investigation into the incident was seen as a test case. It was therefore unsurprising …
Over the past five years, the Cyber Essentials scheme has been vital in helping protect organisations from some of the most common causes of data breaches. However, the NCSC (National Cyber Security Centre) has announced a change to the way …
The ISO/IEC 270001 family of standards, also known as the ISO 27000 series, is a series of best practices to help organisations improve their information security. Published by ISO (the International Organization for Standardization) and the IEC (International Electrotechnical Commission), …
Security experts often warn us about the threat of phishing, but how are we supposed to know what a scam looks like in practice? Our ‘catches of the month’ series provides real-life examples to help you understand how to spot …
HR plays a crucial role in an organisation’s GDPR (General Data Protection Regulation) compliance. The department is full of personal data, whether it’s of employees, their next of kin or candidates responding to job adverts. With such an active role …
You might be surprised to learn that CCTV footage is subject to the GDPR (General Data Protection Regulation). The Regulation isn’t just about written details, like names and addresses; it applies to any information that can identify someone. That includes …
