Chloe Biscoe Archive
When organisations begin their ISO 27001 certification project, they must prove their compliance with appropriate documentation. That involves documenting your information security risk assessment process. In this blog, we explain how you can do that. Elements of the ISO 27001 risk assessment …
Under the General Data Protection Regulation (GDPR), organisations must create a privacy notice explaining to individuals how their personal information is used. But what is a privacy notice, and what should it contain? We explain everything you need to know in …
Documentation is crucial for any ISO 27001 implementation project, and the SoA (Statement of Applicability) is one of the most important documents you need to complete. In this blog, we explain what an SoA is, why it’s important and how …
Please note new versions of ISO 27001 and ISO 27002 have now been published. To learn more about what these updates mean for your organisation, and to buy your copies of ISO 27001:2022 and ISO 27002:2022, please visit our information …
Organisations that implement ISO 27001 must demonstrate their compliance by completing appropriate documents. ISO 27001’s mandatory documents include: 4.3 The scope of the ISMS; 5.2 Information security policy; 6.1.2 Information security risk assessment process; 6.1.3 Information security risk treatment plan; 6.1.3 The Statement of …
The GDPR (General Data Protection Regulation) gives data subjects the right to access their personal data from data controllers that are processing it and “to exercise that right easily and at reasonable intervals, in order to be aware of, and …
An integral part of your EU General Data Protection Regulation (GDPR) compliance project is producing appropriate documentation, which includes a personal data breach notification procedure. If you’re just beginning your GDPR project, we suggest that your organisation should prioritise creating incident …
The Data Security and Protection (DSP) Toolkit has superseded the Information Governance (IG) Toolkit as the standard for cyber and data security for healthcare organisations. The deadline for completing the DSP Toolkit is 31 March 2019, although larger organisations are …
Excerpts of this blog have been extracted from The Power of the Agile Business Analyst, Second edition by Jamie Lynn Cooke, currently available to pre-order from IT Governance. Agile project management demonstrates a dramatically enhanced level of communication and pragmatic …
Managing the right to withdraw consent is a key requirement of the EU General Data Protection Regulation (GDPR), and, if it hasn’t done so already, your organisation should be preparing by creating a withdrawal of consent procedure. What does the …