Chloe Biscoe Archive

When organisations begin their ISO 27001 certification project, they must prove their compliance with appropriate documentation. That involves documenting your information security risk assessment process. In this blog, we explain how you can do that. Elements of the ISO 27001 risk assessment …

Under the General Data Protection Regulation (GDPR), organisations must create a privacy notice explaining to individuals how their personal information is used. But what is a privacy notice, and what should it contain? We explain everything you need to know in …

Please note new versions of ISO 27001 and ISO 27002 have now been published. To learn more about what these updates mean for your organisation, and to buy your copies of ISO 27001:2022 and ISO 27002:2022, please visit our information …

Organisations that implement ISO 27001 must demonstrate their compliance by completing appropriate documents. ISO 27001’s mandatory documents include: 4.3 The scope of the ISMS 5.2 Information security policy 6.1.2 Information security risk assessment process 6.1.3 Information security risk treatment plan 6.1.3 The Statement of …

An integral part of your EU General Data Protection Regulation (GDPR) compliance project is producing appropriate documentation, which includes a personal data breach notification procedure. If you’re just beginning your GDPR project, we suggest that your organisation should prioritise creating incident …

The Data Security and Protection (DSP) Toolkit has superseded the Information Governance (IG) Toolkit as the standard for cyber and data security for healthcare organisations. The deadline for completing the DSP Toolkit is 31 March 2019, although larger organisations are …

Managing the right to withdraw consent is a key requirement of the EU General Data Protection Regulation (GDPR), and, if it hasn’t done so already, your organisation should be preparing by creating a withdrawal of consent procedure. What does the …