Issues of Concern

 Data security is no longer an option. All businesses have a duty of care and there are legal responsibilities. In the event of an inspection, for what ever reason, the ICO will check and make judgement as to whether a business has taken adequate precautions to protect data. Precautions should be appropriately proportionate to the size and nature of the business.

Audit considerations will include legal responsibilities;

  • Aspects of info-security compliance; CyberEssentials certification, complete compliance in the case of the GDPR.
  • Handling of personally identifiable information (PII)
  • Policy and roles to manage, check and enforce process and best practice
  • Response ability; to a data breach and also a data subject access request (dSAR), within imposed deadlines;.
  • Staff cyber-awareness training
  • Operational and technical vulnerabilities 
  • Business management operations and process
Get your FREE Audit

Business concerns may include

  • Adopting best practice and being legally compliant - rather than negligent and exposed.

  • Not allowing the business to be compromised, or be victim to malicious activity.

  • Losing data, fraud, ICO inspection and fines

  • Brand reputation, PR, client assurance

  • Encrypted data, inability to trade, a ransomware threat.

  • Changes in working practice; staff working from home, remote access to company networks and data, using personal equipment and saving data at home.

  • Use of Office365, use of strong, regularly changed passwords and multi-factor authentication.

  • Keeping business software patched and up to date.

All of the above - which can have significant impact and cost, can be addressed, dealt with and properly managed.

Get your FREE audit