A good way to ensure that people are aware of their roles and responsibilities in an organisation is by defining policies and procedures to be followed. But this solution has a limitation: it only covers the people who are already working for the organisation and have access to information. What do you do when you need to introduce new employees or contractors into the environment? Once the proper candidates have been selected by the organisation, it is important to ensure the
The Information Commissioner's Office have recently announced that the focus for year two of GDPR must be BEYOND baseline controls and compliance. It's time to get intricate. All businesses are expected to focus on accountability and demonstrate an understanding of the risks involved in the way they process data, and how those risks should be mitigated. With over 40,000 data complaints made over the past year and over 14,000 personal data breaches, they now have the necessa
We spend a lot of time researching and listening to our clients and so-called 'experts' in the field of ISO Standards and thought, well hoped, that we could clarify a few things and help dispel many common misconceptions associated with the ISO Standards. Myth 1: "ISO 27001 will require thousands of mandates, lots of money to invest in IT equipment and systems, and would take forever to get implemented." Buster 1: The Standard is not as complicated as you might think and t